Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener

[Martin Macok <martin.macok () underground cz>]

On Fri, Jul 06, 2001 at 07:24:04PM -0300, Jair Pedro wrote:
> After reading the article, I went to oracle to download the patch
> and was very surprised that in order do download the patch I would
> have to Pay!!! To access the restrict area where I could get the
> patches I would have to had a contract with them, which costs about
> 22% of the licence I already have.

Tomas Pecina (tomas () pecina cz) asked Oracle company (Oracle Czech,
s.r.o) about this (wondering if they're violating customer's rights).

They gave as official respond in CZECH LANGUAGE (you can find it at
"http://underground.cz/661"; in Czech language only) which states:
 (excuse my bad english translation)

 =========

[snipped things like "we're best, secure ... blabla ... technical
support is great ... 90% of our customers have techsupp ..." ]

 "Customers who owns valid commercial licences in guarantee period
 will be provided bugfixes for free at no costs automatically.
 Other customers who owns valid commercial licences with guarantee
 period passed away will be provided bugfixes FOR FREE AT NO COSTS
 too IF THEY ASK FOR IT THE OFFICIAL WAY. Oracle company strongly
 respects security and contentment of their customers"

[snip]

 =========

So this sounds like customers do NOT have to pay. But it's not
anything good for their customers to HAVE TO ASK for updates and wait
for it instead of just simply download it from the web. All customers
should be provided all bugfixes as fast and as easy as possible, no
debate. Having to ask and wait for it is just a pain and provides no
security and no contentment for customers.

Have a nice day

-- 
   Martin Mačok
  underground.cz
    openbsd.cz