Bugtraq mailing list archives
RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
From: "Aaron C. Newman" <aaron () newman-family com>
Date: Fri, 29 Jun 2001 19:06:11 -0400
I also could not locate a patch or even a reference to the bug id either. There is a little bit of disparity between the Covert and the Oracle advisories. Oracle currently claims they are in the process of backporting. Having dealt with Oracle in the past on issues such as this, they have alot of work backporting to all the different platforms and versions, so it typically takes them quite sometime to patch this stuff.
From the Covert release:
Oracle has produced a patch under bug number 1489683 which is available for download .....
From the Oracle release:
Oracle has fixed this vulnerability in Oracle9i. Oracle is in the process of backporting the fix to supported Oracle8i database server and Release 8.1.7 and 8.1.6 ...... I will attempt to contact the security product manager over there and let everyone know if I find anything out. Aaron C. Newman CTO/Founder Application Security, Inc. 212-490-6022 anewman () appsecinc com www.appsecinc.com -Protection Where It Counts- -----Original Message----- From: bugtraq-return-673-aaron=newman-family.com () securityfocus com [mailto:bugtraq-return-673-aaron=newman-family.com () securityfocus com]On Behalf Of Jeffrey M. Smith Sent: Friday, June 29, 2001 12:54 PM To: COVERT Labs; bugtraq () securityfocus com Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
o Resolution Oracle has produced a patch under bug number 1489683 which is available for download from the Oracle Worldwide Support Services web site, Metalink (http://metalink.oracle.com) for the platforms identified in this advisory. The patch is in production for all supported releases of the Oracle Database Server.
It may be premature to say there is a resolution to this problem or the other reported problem ([COVERT-2001-03] Oracle 8i SQLNet Header Vulnerability). I have searched the metalink site for several hours trying to find a bug report that references either of these problems or the patches, to no avail. I've also searched for the patch on Oracle's ftp server ftp-oracle.oracle.com, also without success. There are at least 3 articles posted to the internal metalink networking forum from Oracle users who haven't been able to locate the patches. I have opened a "TAR" with Oracle to request the patches, but has anyone been able to locate either of these patches or the corresponding bug reports on metalink? Jeff Smith, Purdue University
Current thread:
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 02)
- <Possible follow-ups>
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 02)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 07)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Martin Macok (Jul 12)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 15)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener ian stanley (Jul 15)
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 16)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 07)