Full Disclosure mailing list archives
Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow
From: Cesar <cesarc56 () yahoo com>
Date: Thu, 5 Feb 2004 17:13:37 -0800 (PST)
Don't worry, Oracle sucks, probably they won't say anything.

Just to clarify (oh my god, I feel sorry for Oracle users, it's a pain in the ass to find the correct patches, to install them, etc.): the patch that fixes these vulnerabilities is Patch 3 from January 2; it goes on top of Patchset 3 (9.2.0.4).

If you (all people) don't understand, don't worry, I also don't understand much of this Oracle patch stuff :), but if you are paying to get the patches and support then it should be easy, shouldn't it?

Cesar.

--- Chris Anley <chris () ngssoftware com> wrote:
> > Hey Chris.
>
> Hey Cesar.
>
> > First of all, your advisories are a bit wrong:
> >
> > ...Systems Affected: Oracle 9 prior to 9.2.0.3
> >
> > Actually Systems affected are Oracle 9 prior to 9.2.0.4 (Patchset 3). The date in Metalink site of the Patch that fixes these vulnerabilities is January 2 and your advisories are from December. I could be wrong, Oracle patches numeration, dates, etc. really sucks, but you could be wrong too as the version of Oracle your advisory said it was affected :).
>
> Interesting. The information we had direct from Oracle was that these issues were fixed in 9.2.0.3. Perhaps Oracle could resolve the discrepancy? I'm willing to believe that either, or neither of us is right :o)
>
> > The fact is that I contacted Oracle before the fix was available, they released the fix and they didn't tell me anything, they didn't release any public alert and your advisory isn't in any public list, it's only on your site. Finally, given that the date of the patch that fixes these vulns is January 2, you published the advisories in your site before the fix was available. Again I could be wrong.
>
> As I say, we had definitive information from Oracle that the issues were fixed in 9.2.0.3; we've heard nothing to the contrary from Oracle or anyone else up until your post. So it would be good to get to the bottom of this; there's definitely a communication breakdown somewhere.
>
> > BTW: I'm curious, why didn't you post those advisories to public mailing lists?
>
> As far as we were concerned, these were old bugs. If current versions aren't affected, or if the bugs are of low severity, we tend not to issue advisories to mailing lists.
>
> -chris.

_______________________________________________
Full-Disclosure - We believe in it. Charter:
http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Cesar (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Chris Anley (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Cesar (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Chris Anley (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Cesar (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Cesar (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Cesar (Feb 05)
- Re: Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow Chris Anley (Feb 05)