cpujan2006 client issues

  • From: Ray Stell <stellr@xxxxxxxxxx>
  • To: oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 31 Jan 2006 08:57:01 -0500

1.  343382.1 says, "One vulnerability (DBC02) is in a utility that can
be forced to terminate if given long arguments, potentially allowing
code of an attacker's choice to be executed. However, this utility is
not installed with setuid (elevated) privileges, so the risk that it
can be effectively exploited is very low."

 Do we know if a patched server is vulnerable to this client issue?

 Isn't it a bit absurd to think the risk is low because of
 the default install characteristics?  What, black hats
 don't know how to use the chmod cmd?

2. 343384.1 says, "Please do not open an issue with Support for additional
information on the vulnerabilities."

 So, how do I get an answer to the above questions?

3. I asked these questions on the metalink unix installation forum yesterday.
Today, my note is gone.  "I'm speechless, I am without speech."
--
//www.freelists.org/webpage/oracle-l

