RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener

["Jeffrey M. Smith" <jsmith () purdue edu>]

> o Resolution
>
> Oracle has produced a patch under bug number 1489683 which is
> available for download from the Oracle Worldwide Support Services
> web site, Metalink (http://metalink.oracle.com) for the platforms
> identified in this advisory. The patch is in production for all
> supported releases of the Oracle Database Server.

It may be premature to say there is a resolution to this problem or the
other reported problem ([COVERT-2001-03] Oracle 8i SQLNet Header
Vulnerability). I have searched the metalink site for several hours trying
to find a bug report that references either of these problems or the
patches, to no avail. I've also searched for the patch on Oracle's ftp
server ftp-oracle.oracle.com, also without success. There are at least 3
articles posted to the internal metalink networking forum from Oracle users
who haven't been able to locate the patches.

I have opened a "TAR" with Oracle to request the patches, but has anyone
been able to locate either of these patches or the corresponding bug reports
on metalink?

Jeff Smith, Purdue University