Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet Directory
From: Security Alerts <secalert_us () ORACLE COM>
Date: Thu, 18 Jan 2001 16:04:18 -0600
Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet
Several potential buffer overflow vulnerabilities have been discovered
in the Oracle Internet Directory executables 'oidldapd' and 'oidmon'.
These vulnerabilities were originally found in Oracle Internet Directory
(OID) 2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta
Oracle recommends that customers implement the following workaround:
change the file permissions to 710 on the 'oidldapd' and 'oidmon'
executables. These permissions will limit access (to the executables) to
a small, privileged group of users on the host machine.
Oracle has comprehensively fixed these vulnerabilities in the OID 2.0,
Release 184.108.40.206, patch set on Solaris and in the forthcoming OID 2.1,
Release 220.127.116.11, patch set. The OID 18.104.22.168 patch set is available on
Metalink, Oracle's Support Services site, http://metalink.oracle.com.
Oracle intends to produce this patch on additional platforms as well.
Oracle would like to thank Juan Manuel Pascual Escribà for discovering
these vulnerabilities and promptly bringing them to Oracle's attention.
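
A check for the workaround described in the advisory, as an added example that is not part of Oracle's message: it reports whether 'oidldapd' and 'oidmon' carry permissions 710 and can apply them. The OID_BIN_DIR variable and the function names are assumptions; the advisory does not state where the executables are installed.

```shell
#!/bin/sh
# Added example: audit and apply the advisory's "permissions 710" workaround.
# OID_BIN_DIR is a placeholder for the directory holding the executables;
# the advisory does not give that path.

OID_EXECUTABLES="oidldapd oidmon"   # the two executables named in the advisory

# Print the three owner/group/other permission digits of a file, e.g. 755.
perm_digits() {
    [ -f "$1" ] || return 1
    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    mode="000$mode"                       # pad short values such as "70"
    printf '%s\n' "${mode#"${mode%???}"}" # keep the last three digits only
}

# Return 0 only if both executables exist in directory $1 with permissions 710.
oid_check() {
    dir=$1
    rc=0
    for name in $OID_EXECUTABLES; do
        file="$dir/$name"
        perms=$(perm_digits "$file") || { echo "MISSING $file"; rc=1; continue; }
        if [ "$perms" = "710" ]; then
            echo "OK      $file ($perms)"
        else
            echo "DIFFERS $file ($perms, advisory recommends 710)"
            rc=1
        fi
    done
    return $rc
}

# Apply the workaround to directory $1, then report the resulting state.
oid_apply() {
    for name in $OID_EXECUTABLES; do
        if [ -f "$1/$name" ]; then chmod 710 "$1/$name"; fi
    done
    oid_check "$1"
}

# Stand-alone use: OID_BIN_DIR=/path/to/bin sh this_script.sh
if [ -n "${OID_BIN_DIR:-}" ]; then oid_check "$OID_BIN_DIR"; fi
```

With mode 710 the owner keeps full access, members of the file's group can only execute, and all other local users have no access, so the group that owns the two files determines who can still run them.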