RE: Oracle Vulnerability Discovered in OID

[Dave Lee <daverlee () yahoo com>]

This was covered in CERT Advisory CA-2001-18, posted
to bugtraq by aleph1 on July 17th. The posting is a
bit miss leading and has Oracle 8i Enterprise Edition
listed rather than Oracle Internet Directory (OiD). 

- Dave Lee

In CERTs defense OiD does ship with the Enterprise
Edition, but that is kind of like listing Win2K is
vulnerable when it is an Exchange issue.  




> -----Original Message-----
> From: Aaron C. Newman
> [mailto:aaron () newman-family com] 
> Sent: Friday, July 20, 2001 11:37 AM
> To: BUGTRAQ
> Subject: Oracle Vulnerability Discovered in OID
>
>
> There's a new vulnerability discovered in the Oracle
> Internet Directory
> (Oracle's LDAP server). It has been in the database
> since 7/16, but I
> haven't seen it mentioned here yet.
>
> Here are links to the details of the advisory:
>
> "Oracle Internet Directory contains multiple
> vulnerabilities in LDAP
> handling code"
> http://www.kb.cert.org/vuls/id/869184
>
> http://www.securityfocus.com/bid/3047
http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf
> Regards,
> Aaron C. Newman
> CTO/Founder
> Application Security, Inc.
> 212-490-6022
> anewman () appsecinc com
> www.appsecinc.com
> -Protection Where It Counts-


__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/