Re: Security Alert #68 - patchsets required on client software also?

  • From: Niall Litchfield <niall.litchfield@xxxxxxxxx>
  • To: bdbafh@xxxxxxxxx
  • Date: Tue, 21 Sep 2004 09:43:49 +0100

comments as ever
On Mon, 20 Sep 2004 16:10:39 -0400, Paul Drake <bdbafh@xxxxxxxxx> wrote:
> I'm really hoping that Oracle changes their position on this one ...
> but in case someone has already obtained more info on this issue
> already ...

I'd also like more info, but if the client is affected - and I was
wondering how it wouldn't be for some of the vulnerabilities - then
just patching the server/app server seems to only be doing half a job.

> What is your company's position on applying the patchsets covered by
> Oracle Security Alert #68 - to the Oracle Client Software already
> installed on desktops and application servers (not the Oracle Database
> server(s)).

We'd do the app servers as a matter of course - 3000 remote laptops is
a somewhat different proposition. I haven't looked at doing that yet.
In the past we have used SMS; I'm not sure whether we'd go that way
here.


> This is mentioned (in no detail) in the following doc:
> 
> http://metalink.oracle.com/metalink/plsql/showdoc?db=Not&id=282108.1
> 
> Item #21.
> 
> 21.  Is the Database Client install equally vulnerable?
> 
>     Yes, according to Development, all database clients on all
> versions have to be patched also.  The same patch for the database
> server can be applied on the client installation also.
> 
> thanks in advance for your opinions.

Sounds like the person writing the patch note doesn't know what the
patch does....


-- 
Niall Litchfield
Oracle DBA
http://www.niall.litchfield.dial.pipex.com