Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener

["Jair Pedro" <jair () agendasaude com br>]

After reading the article, I went to oracle to download the patch and was
very surprised that in order do download the patch I would have to Pay!!! To
access the restrict area where I could get the patches I would have to had a
contract with them, which costs about 22% of the licence I already have.

I tried to explain them by phone and email that was not my fault the fact
that their product had this serious security flaw and all they said was
their assistance in free basis was only during the first 3 months after
install and "you would have a lot of  advantages signing our support
services".
I dont want support as far we have almost half a ton of books on our
development department and all the news group on the internet...

There is nothing I can do now, except to pay to correct their very own
error, but, on my company,  I do not intend to deploy any others product
which similiar politic$ for patches.

The next time we need a database, it will not be an Oracle.
I'd like to hear from the list if there are others companies/products with
such an absurd policy.

tks

Jair
----- Original Message -----
From: "Aaron C. Newman" <aaron () newman-family com>
To: "Jeffrey M. Smith" <jsmith () purdue edu>; <bugtraq () securityfocus com>
Sent: Friday, June 29, 2001 8:06 PM
Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener


> I also could not locate a patch or even a reference to the bug id either.