Home page logo
/

bugtraq logo Bugtraq mailing list archives

Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet Directory
From: Security Alerts <secalert_us () ORACLE COM>
Date: Thu, 18 Jan 2001 16:04:18 -0600

Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet
Directory

Description:
Several potential buffer overflow vulnerabilities have been discovered
in the Oracle Internet Directory executables 'oidldapd' and 'oidmon'.
These vulnerabilities were originally found in Oracle Internet Directory
(OID) 2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta
release.)

Workaround:
Oracle recommends that customers implement the following workaround:
change the file permissions to 710 on the 'oidldapd' and 'oidmon'
executables. These permissions will limit access (to the executables) to
a small, privileged group of users on the host machine.

Patch Information:
Oracle has comprehensively fixed these vulnerabilities in the OID 2.0,
Release 2.0.6.3, patch set on Solaris and in the forthcoming OID 2.1,
Release 2.1.1.1, patch set. The OID 2.0.6.3 patch set is available on
Metalink, Oracle's Support Services site, http://metalink.oracle.com.
Oracle intends to produce this patch on additional platforms as well.

Credits:
Oracle would like to thank Juan Manuel Pascual Escribà for discovering
these vulnerabilities and promptly bringing them to Oracle's attention.


  By Date           By Thread  

Current thread:
  • Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet Directory Security Alerts (Jan 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]