Bugtraq mailing list archives

Re: Oracle 8 root exploit


From: alan () CLUESERVER ORG (Alan Olsen)
Date: Fri, 19 Nov 1999 15:19:11 -0800


On Tue, 16 Nov 1999, Chris Calabrese wrote:

> I just tested some machines both with and without
> Oracle's patch for the bug related to trusting
> $ORACLE_HOME when calling dbsnmp.
>
> Good news.  The patch does indeed address the bug
> related to using sym-links from ./dbsnmpc.log and
> ./dbsnmpw.log to over-write root-owned files that
> Brock Teller reported on the other day.
>
> However, Intelligent Agent 8.1.5 (the version Brock
> reported on) does not have a patch available for it.
> This is pretty strange considering that there's a
> patch for 8.0.5 and that other 8.0.6 and 8.1.x
> releases don't have the vulnerability.

Are there patches for earlier versions of Oracle?  (Specifically 7.3.4.)
The exploit works on that version as well.

alan () ctrl-alt-del com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
    "In the future, everything will have its 15 minutes of blame."
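
The bug class discussed in this message, a privileged program writing ./dbsnmpc.log and ./dbsnmpw.log through symlinks, is closed by refusing links when the log is opened. The following is an added example, not part of the original post and not Oracle's patch; the function names and the scratch directory are hypothetical and constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for appending; refuse a symlink as the final path component. */
int open_log_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;         /* Linux reports ELOOP for a symlink */
    /* A hard link passes O_NOFOLLOW, so also require a plain file, nlink 1. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario: dbsnmpc.log is a symlink to another file. Returns 1
 * if the link is refused, its target stays empty, and a fresh log opens. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/logdemoXXXXXX", target[64], link_path[64], plain[64];
    struct stat st;
    int fd, refused, ok;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link_path, sizeof link_path, "%s/dbsnmpc.log", dir);
    snprintf(plain, sizeof plain, "%s/dbsnmpw.log", dir);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(target, link_path) != 0) return -1;
    close(fd);
    fd = open_log_nofollow(link_path);      /* must fail */
    refused = fd < 0;
    if (fd >= 0) close(fd);
    fd = open_log_nofollow(plain);          /* must succeed */
    ok = fd >= 0 && write(fd, "started\n", 8) == 8;
    if (fd >= 0) close(fd);
    ok = ok && stat(target, &st) == 0 && st.st_size == 0;
    unlink(link_path); unlink(plain); unlink(target); rmdir(dir);
    return refused && ok;
}

int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

O_NOFOLLOW covers only the last path component, so a privileged program should also keep its logs in a directory that unprivileged users cannot write to, rather than in the caller's working directory.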

