Bugtraq mailing list archives
RE: Oracle Vulnerability Discovered in OID
From: Dave Lee <daverlee () yahoo com>
Date: Fri, 20 Jul 2001 13:37:26 -0700 (PDT)
This was covered in CERT Advisory CA-2001-18, posted to bugtraq by aleph1 on July 17th. The posting is a bit miss leading and has Oracle 8i Enterprise Edition listed rather than Oracle Internet Directory (OiD). - Dave Lee In CERTs defense OiD does ship with the Enterprise Edition, but that is kind of like listing Win2K is vulnerable when it is an Exchange issue.
-----Original Message----- From: Aaron C. Newman [mailto:aaron () newman-family com] Sent: Friday, July 20, 2001 11:37 AM To: BUGTRAQ Subject: Oracle Vulnerability Discovered in OID There's a new vulnerability discovered in the Oracle Internet Directory (Oracle's LDAP server). It has been in the database since 7/16, but I haven't seen it mentioned here yet. Here are links to the details of the advisory: "Oracle Internet Directory contains multiple vulnerabilities in LDAP handling code" http://www.kb.cert.org/vuls/id/869184 http://www.securityfocus.com/bid/3047
http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
Regards, Aaron C. Newman CTO/Founder Application Security, Inc. 212-490-6022 anewman () appsecinc com www.appsecinc.com -Protection Where It Counts-
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
Current thread:
- RE: Oracle Vulnerability Discovered in OID Dave Lee (Jul 23)
- RE: Oracle Vulnerability Discovered in OID Jonathan (Listserv Account) (Jul 25)