Bugtraq mailing list archives
Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent
From: adrian () MSTG NET (David Adrian)
Date: Mon, 3 May 1999 14:31:46 +0000
John Ritchie wrote:
On Fri, 30 Apr 1999, Anthony Clarke wrote: When I pressed them as to whether or not they would release patches and information to users who already have 8.0.5 installed they said they had no mechanism to do that. In other words, YOYO. (They could learn something about patch releases and access from their good buddies at Sun). So if you've installed Oracle's Intelligent Agent or aren't sure if it's installed then check your oratclsh and fix that bit. The only systems I've had experience on are 8.0.5 for Solaris and Linux but I'd check any 8.x release on any platform if it were mine. John Ritchie Systems Software Analyst Oregon University System
I patched my Linux version of oracle to 8.0.5.1. When I checked for this vulnerability, the suid bit was not set, and the ownership of oratclsh was oracle.oracle. So it seems likely that upgrading to 8.0.5.1 will fix the problem. On Linux, this was necessary to fix many other nasty bugs anyway. David Adrian temp99 () mstg net
Current thread:
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent John Ritchie (Apr 30)
- <Possible follow-ups>
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Markus Friedl (May 01)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Dave Diehl (May 03)
- NAI AntiVirus Update Problem Simple Nomad (Oct 29)
- Re: NAI AntiVirus Update Problem Simple Nomad (May 05)
- Follow up - Domain user to Domain Admin - Profiles and the Mnemonix (May 05)
- Re: Oracle Intellegent agent installedoracle-digested Kis-Szabo Andras (May 03)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Dave Diehl (May 03)
- anonymizing unix van Hauser (May 03)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent David Adrian (May 03)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Jeff Long (May 03)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Paul Diehl (May 04)
- Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent Yung-Sheng Tang (May 05)