Bugtraq mailing list archives
Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
From: ian stanley <iandstanley () users sourceforge net>
Date: Fri, 13 Jul 2001 16:47:57 +0100
On Friday 06 July 2001 23:24, Jair Pedro wrote:
After reading the article, I went to oracle to download the patch and was very surprised that in order do download the patch I would have to Pay!!! To access the restrict area where I could get the patches I would have to had a contract with them, which costs about 22% of the licence I already have. I tried to explain them by phone and email that was not my fault the fact that their product had this serious security flaw and all they said was their assistance in free basis was only during the first 3 months after install and "you would have a lot of advantages signing our support services".
Depending on your country of origin - you could have some consumer protection. eg. in the UK you would probably be supported by /the sale of goods act/ in as much as the security of the product ought to be considered critical to the enterprise concerned - and thus the product be /unfit for the purpose intended/. Never mind the fact that they may have shipped faulty goods. Even the possibility of a potential court case being filed against oracle based ont he being unfit for the purpose - would be rather embarrasing for oracle.
I dont want support as far we have almost half a ton of books on our development department and all the news group on the internet... There is nothing I can do now, except to pay to correct their very own error, but, on my company, I do not intend to deploy any others product which similiar politic$ for patches. The next time we need a database, it will not be an Oracle. I'd like to hear from the list if there are others companies/products with such an absurd policy. tks Jair ----- Original Message ----- From: "Aaron C. Newman" <aaron () newman-family com> To: "Jeffrey M. Smith" <jsmith () purdue edu>; <bugtraq () securityfocus com> Sent: Friday, June 29, 2001 8:06 PM Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS ListenerI also could not locate a patch or even a reference to the bug id either.
Current thread:
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 02)
- <Possible follow-ups>
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 02)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 07)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Martin Macok (Jul 12)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 15)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener ian stanley (Jul 15)
- RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Aaron C. Newman (Jul 16)
- Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener Jair Pedro (Jul 07)