[17289] in bugtraq
In response to posting 10/18/2000 vulnerability in Oracle
daemon@ATHENA.MIT.EDU (Mary Ann Davidson)
Fri Oct 20 20:37:51 2000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------AA5CDA3979D69FBEBE8DAEFB"
Message-Id: <39F0CA30.948EE03E@oracle.com>
Date: Fri, 20 Oct 2000 15:41:52 -0700
Reply-To: Mary Ann Davidson <Mary.Ann.Davidson@ORACLE.COM>
From: Mary Ann Davidson <Mary.Ann.Davidson@ORACLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------AA5CDA3979D69FBEBE8DAEFB
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi Bugtraq Moderator -
This is in response to the above posting by pask@plazasite.com (Juan
Michael Pascual Escrib). I did try to post online but apparently I need
to register to do this. (Aside - it would be helpful if you had more
readily-apparent information on how exactly one does register to post
online. I could not seem to find this information on the BUGTRAQ site.
Sorry if it WAS obvious and I missed it!)
Oracle's response is as follows:
The Linux version of Oracle Internet Directory (mentioned in the alert)
is not a production release from Oracle; though Oracle Internet
Directory 2.0.6 was never released on Linux, the OID binaries were
accidentally shipped with the 8.1.6 Linux port and apparently install by
default. Our position is that this should be regarded as a "pre alpha"
product, is not supported, and should under no circumstances put into
production in a customer's environment. We apologize for our mistake and
regret and inconvenience this has caused our customers.
We are also reviewing current production releases of OID to ensure that
this problem does not occur in other releases and platforms, and will
provide BUGTRAQ with additional information should the scope of the
problem extend to production versions of product. We appreciates
receiving first notice of any security issues pertaining to any of our
products, and apologize for any delays encountered in responding to
those who reported this one.
Oracle encourages all Linux directory developers to download the
upcoming production version of Oracle Internet Directory, v2.1.1, part
of the Oracle 8.1.7 (8i Release 3) server media pack, from
http://technet.oracle.com/, when it becomes available early next week.
Regards
Mary Ann Davidson
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mary Ann Davidson
Director, Security Product Management
Server Technologies
Oracle Corporation
(650) 506 5464
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
No ka moana ku'u mele; no na halu au e hula ai.
"From the ocean comes my song; of the waves I dance my dance."
There is no problem a good day of surfing won't cure.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------AA5CDA3979D69FBEBE8DAEFB
Content-Type: text/x-vcard; charset=us-ascii;
name="Mary.Ann.Davidson.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Mary Ann Davidson
Content-Disposition: attachment;
filename="Mary.Ann.Davidson.vcf"
begin:vcard
n:;Mary Ann
x-mozilla-html:FALSE
adr:;;;;;;
version:2.1
email;internet:Mary.Ann.Davidson@oracle.com
fn:Mary Ann Davidson
end:vcard
--------------AA5CDA3979D69FBEBE8DAEFB--
