Re: Security privilege escalation

From: Maris Elsins <elmaris_at_gmail.com>
Date: Tue, 12 Jul 2022 19:43:05 +0300
Message-ID: <CABQhObubX0AmOJtv3UW+qc+zSx1bUJ6K30b7ONWBh9KHPKddBg_at_mail.gmail.com>

There's a special email address to report security issues. https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html

---
Māris Elsiņš




On Tue, Jul 12, 2022 at 7:38 PM Clay Jackson <dmarc-noreply_at_freelists.org>
wrote:



> What JL said; or, perhaps follow this process.


>

>

>

> CERT Vulnerability Notes Database

> <https://www.kb.cert.org/vuls/report/#:~:text=Report%20a%20Vulnerability%20Before%20reporting%20any%20vulnerabilities%20to,policy%20and%20guidance%20before%20submitting%20a%20vulnerability%20report.>

>

>

>

> Clay Jackson

>

>

>

>

>

> *From:* oracle-l-bounce_at_freelists.org <oracle-l-bounce_at_freelists.org> *On

> Behalf Of *Noveljic Nenad

> *Sent:* Tuesday, July 12, 2022 9:20 AM

> *To:* ORACLE-L <oracle-l_at_freelists.org>

> *Subject:* Security privilege escalation

>

>

>

> *CAUTION:* This email originated from outside of the organization. Do not

> follow guidance, click links, or open attachments unless you recognize the

> sender and know the content is safe.

>

>

>

> I found a way to escalate privileges from grid to root.

>

>

>

> Am I allowed to publish the information on my blog?

>

>

>

> Best regards,

>

>

>

> Nenad

>

> ____________________________________________________

>

> Please consider the environment before printing this e-mail.

>

> Bitte denken Sie an die Umwelt, bevor Sie dieses E-Mail drucken.

>

>

> Important Notice

>

> This message is intended only for the individual named. It may contain

> confidential or privileged information. If you are not the named addressee

> you should in particular not disseminate, distribute, modify or copy this

> e-mail. Please notify the sender immediately by e-mail, if you have

> received this message by mistake and delete it from your system.

> Without prejudice to any contractual agreements between you and us which

> shall prevail in any case, we take it as your authorization to correspond

> with you by e-mail if you send us messages by e-mail. However, we reserve

> the right not to execute orders and instructions transmitted by e-mail at

> any time and without further explanation.

> E-mail transmission may not be secure or error-free as information could

> be intercepted, corrupted, lost, destroyed, arrive late or incomplete. Also

> processing of incoming e-mails cannot be guaranteed. All liability of

> Vontobel Holding Ltd. and any of its affiliates (hereinafter collectively

> referred to as "Vontobel Group") for any damages resulting from e-mail use

> is excluded. You are advised that urgent and time sensitive messages should

> not be sent by e-mail and if verification is required please request a

> printed version.

> Please note that all e-mail communications to and from the Vontobel Group

> are subject to electronic storage and review by Vontobel Group. Unless

> stated to the contrary and without prejudice to any contractual agreements

> between you and Vontobel Group which shall prevail in any case,

> e-mail-communication is for informational purposes only and is not intended

> as an offer or solicitation for the purchase or sale of any financial

> instrument or as an official confirmation of any transaction.

> The legal basis for the processing of your personal data is the legitimate

> interest to develop a commercial relationship with you, as well as your

> consent to forward you commercial communications. You can exercise, at any

> time and under the terms established under current regulation, your rights.

> If you prefer not to receive any further communications, please contact

> your client relationship manager if you are a client of Vontobel Group or

> notify the sender. Please note for an exact reference to the affected group

> entity the corporate e-mail signature. For further information about data

> privacy at Vontobel Group please consult www.vontobel.com

> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.vontobel.com%2F&data=05%7C01%7Cclay.jackson%40quest.com%7Cb85d19f61faf46ef887408da642269ce%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637932396233701443%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5pJOdvHib7R9p38drU0vf%2Bocw%2B0Yj879K%2Fl690lKFto%3D&reserved=0>

> .

>


--
http://www.freelists.org/webpage/oracle-l

Received on Tue Jul 12 2022 - 18:43:05 CEST

This message: [ Message body ]
Next message: Noveljic Nenad: "RE: Security privilege escalation"
Maybe in reply to: Noveljic Nenad: "Security privilege escalation"
In reply to Clay Jackson: "RE: Security privilege escalation"
Next in thread: Noveljic Nenad: "RE: Security privilege escalation"
Reply: Noveljic Nenad: "RE: Security privilege escalation"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message