Bugtraq mailing list archives

Re: Oracle 8 root exploit

From: chris_calabrese () YAHOO COM (Chris Calabrese)
Date: Tue, 16 Nov 1999 13:23:49 -0800


I just tested some machines both with and without
Oracle's patch for the bug related to trusting
$ORACLE_HOME when calling dbsnmp.

Good news.  The patch does indeed address the bug
related to using sym-links from ./dbsnmpc.log and
./dbsnmpw.log to over-write root-owned files that
Brock Teller reported on the other day.

However, Intelligent Agent 8.1.5 (the version Brock
reported on) does not have a patch available for it.
This is pretty strange considering that there's a
patch for 8.0.5 and that other 8.0.6 and 8.1.x
releases don't have the vulnerability.

=====

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Current thread:

Oracle 8 root exploit Tellier, Brock (Nov 13)
- Re: Oracle 8 root exploit Adam and Christine Levin (Nov 15)
- Re: Oracle 8 root exploit Jared Still (Nov 16)
- <Possible follow-ups>
- Re: Oracle 8 root exploit Martin Mevald (Nov 15)
- Re: Oracle 8 root exploit Antonomasia (Nov 15)
- Re: Oracle 8 root exploit Elias Levy (Nov 16)
  - Re: Oracle 8 root exploit Adam and Christine Levin (Nov 16)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 16)
  - Re: Oracle 8 root exploit Alan Olsen (Nov 19)
  - [RHSA-1999:055-01] Denial of service attack in syslogd Bill Nottingham (Nov 19)
  - [ COBALT ] Security Advisory - syslog Jeff Bilicki (Nov 20)
  - IE 5.0 XML HTTP redirect problems Georgi Guninski (Nov 22)
  - DoS with sysklogd, glibc (Caldera) Alfred Huger (Nov 22)
    - Re: DoS with sysklogd, glibc (Caldera) Balazs Scheidler (Nov 22)
- Re: Oracle 8 root exploit Steve D'Angona (Nov 18)
- Re: Oracle 8 root exploit Chris Calabrese (Nov 18)