Oracle-L: alert 54

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Wed, 30 Apr 2003 09:11:52 -0800
Message-ID: <F001.0058CCDC.20030430091152@fatcity.com>

http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf

Oracle Security Alert 54
Dated: April 25, 2003
Severity: 2
Buffer Overflow in Oracle Net Services for Oracle Database Server
Description
A potential security vulnerability has been discovered in Oracle Net Services for the Oracle Database server. A knowle dgeable and malicious user can cause a buffer overflow in an Oracle database link that may result in a Denial of Service (DoS) attack and/or the execution of arbitrary code against the Oracle Database server. Products Affected

  Oracle9i Release 2
  Oracle9i Release 1
  Oracle8i (8.1.x . all releases)
  Oracle8 (8.0.x . all releases)
  Oracle7 Release 7.3.x

I wonder if the one-off patch can be applied to "supported" 8i servers that have been one-off patched already?

Ray Stell stellr_at_vt.edu (540) 231-4109 KE4TJC 28^D
--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Ray Stell
INET: stellr_at_cns.vt.edu

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------

To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Wed Apr 30 2003 - 12:11:52 CDT