
Unix Security PSA

From: Matthew Zito <mzito_at_gridapp.com>
Date: Wed, 17 Sep 2003 14:34:43 -0800
Message-ID: <F001.005D041D.20030917143443@fatcity.com>

Hello gang,

I usually wouldn't muck around with stuff like this on an Oracle list, but there's two major security vulnerabilities out in the last few days for *nix boxen that create remote root exploitable situations. One is with OpenSSH:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693

Basically, all versions before 3.7 have a remotely exploitable buffer overflow - I am unsure whether exploits have been seen in the wild.

The other is with sendmail:

http://www.sendmail.org/8.12.10.html

While this is a remotely exploitable situation, no known exploits exist in the wild (yet).

I know just about every vendor has ssh patches already - the sendmail one may be a bit too new for vendor-supplied patches, but give them a call and start haranguing them.

I promise, I'll avoid this in the future, but hopefully some of y'all will get your SAs to patch up your servers.

Good luck,
Matt

--

Matthew Zito
GridApp Systems
Email: mzito_at_gridapp.com
Cell: 646-220-3551
Phone: 212-358-8211 x 359
http://www.gridapp.com

Received on Wed Sep 17 2003 - 17:34:43 CDT
