[indo-oracle] Re: Tanya patch Oracle 9

[Ervin Listyawan]

Berarti package-2x tsb mesti digrant ke user tertentu (misal sys, 
sysdba, user lain) dan mesti dicabut dong grant yang ke public tsb 
(pakai revoke), satu per satu?

Apakah ini memungkinkan (krn defaultnya kan ke public)? Berarti kalau 
create user, mesti tambah grant manual. Atau bagaimana kalau digrant-
kan ke role yang defaultnya user pasti butuh (misal connect)?

Apakah ini menyelesaikan masalah vulnerability tsb?

Rgds

Ervin L

--- In indo-oracle@yahoogroups.com, Tomi Wijanto <[EMAIL PROTECTED]> 
wrote:
>
> Belum apply patchnya. Cuma patch yg ini termasuk
> critical karena memperbaiki cukup banyak lubang dalam
> hal privilege user (yg harusnya gak boleh dilakukan
> ternyata bisa diakalin, biasanya melalui package
> standar yg di-grant ke public scr default).
> 
> website ini cukup membantu
> http://www.red-database-
security.com/advisory/oracle_cpu_apr_2006.html
> 
> 
> Bagaimana mengecek vulnerability database?
> Check saja versi database bersangkutan.
> Kalau tidak sempat apply patch, maka privilege execute
> package2 bersangkutan yg di grant ke public bisa
> dihilangkan dulu..
> 
> regards,
> tomi
> 
> --- Ervin Listyawan <[EMAIL PROTECTED]> wrote:
> 
> > Saya lihat di http://www.us-cert.gov/ kalau Oracle
> > punya multiple 
> > vulnerabilites, dan saya cek di website Oracle ada
> > beberapa critical 
> > update April 2006 
> >
> 
(http://www.oracle.com/technology/deploy/security/pdf/cpuapr2006.html)
.
> > 
> > Ada yang sudah coba belum, dan criticalnya sendiri
> > bagaimana tingkat 
> > bahayanya, bagaimana checking vulnerabilities tsb?
> > 
> > Regards,
> > 
> > Ervin L
> > 
> > 
> 
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com
>










--
-----------I.N.D.O - O.R.A.C.L.E---------------
Keluar: [EMAIL PROTECTED]
Website: http://indo-oracle.lizt.org (NEW)
-----------------------------------------------

Bergabung dengan Indonesia Thin Client User Groups, 
Terminal Server, Citrix, New Moon Caneveral, di:
http://indo-thin.vze.com





    


  
  
    SPONSORED LINKS
  
          
                  
            
        Membership database software
      
                      
        Database mortgage software
      
                      
        Pda database software
      
              
                        
            
        Database management software
      
                      
        Oracle database administration
      
                      
        Oracle database management
      
              
                    
           
  







  
  
  YAHOO! GROUPS LINKS



   Visit your group "indo-oracle" on the web. 
   To unsubscribe from this group, send an email to: [EMAIL PROTECTED] 
   Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.