1. 343382.1 says, "One vulnerability (DBC02) is in a utility that can be forced to terminate if given long arguments, potentially allowing code of an attacker's choice to be executed. However, this utility is not installed with setuid (elevated) privileges, so the risk that it can be effectively exploited is very low." Do we know if a patched server vulnerable to this client issue? Isn't is a bit absurd to think the risk is low because of the default install characteristics? What, black hats don't know how to use the chmod cmd? 2. 343384.1 says, "Please do not open an issue with Support for additional information on the vulnerabilities. So, how do I get an answer to the above questions? 3. I asked these questions on the metalink unix installation forum yesterday. Today, my note is gone. "I'm speechless, I am without speech." -- //www.freelists.org/webpage/oracle-l