RE: Oracle CERT Advisory
I think that Oracle's bravado has translated into lower share prices recently... : ( Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) -Original Message- Sent: Thursday, March 21, 2002 10:48 AM To: Multiple recipients of list ORACLE-L Subject: RE: Oracle CERT Advisory Thanks Patrice for sharing this info. So much for "Can't break it. Can't break in. Unbreakable" marketing jingle. Lisa Koivu Oracle Database Something. Fairfield Resorts, Inc. 954-935-4117 > -Original Message- > From: Boivin, Patrice J [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 10:08 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: Oracle CERT Advisory > > CERT is working on a "how to fix your Oracle DB" paper, you can ask for a > copy at [EMAIL PROTECTED] > > Oracle security problems may be more prevalent than previously reported. > Pete Finnegan, with the help of many of the other Oracle security gurus > around the world, has completed a first draft of SANS new Oracle Security: > Step-by-Step guide. We are distributing the list of Oracle security > problems to be sure we have addressed all the known issues. We'll share > the > solutions sections with those people who provide substantive feedback on > the > problems. If you know a lot about Oracle security and *will* provide > feedback, please email [EMAIL PROTECTED] with the subject "Oracle security > problems" and we will email you a copy. Include your name, organization, > city, state, and country. > Alan > > Regards, > Patrice Boivin > Systems Analyst (Oracle Certified DBA) > > Systems Admin & Operations | Admin. et Exploit. des systèmes > Technology Services| Services technologiques > Informatics Branch | Direction de l'informatique > Maritimes Region, DFO | Région des Maritimes, MPO > > E-Mail: [EMAIL PROTECTED] > > > -----Original Message- > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 9:43 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: Oracle CERT Advisory > > Check http://otn.oracle.com/deploy/security/alerts.htm > > Hemant K Chitale > Principal DBA > Chartered Semiconductor Manufacturing Ltd > > [This e-mail is confidential and may also be privileged. If you are not > the > intended recipient, please delete it and notify us immediately; you should > not copy or use it for any purpose, nor disclose its contents to any other > person. Thank you.] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Boivin, Patrice J > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Koivu, Lisa INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boivin, Patrice J INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858
RE: Oracle CERT Advisory
Thanks Patrice for sharing this info. So much for "Can't break it. Can't break in. Unbreakable" marketing jingle. Lisa Koivu Oracle Database Something. Fairfield Resorts, Inc. 954-935-4117 > -Original Message- > From: Boivin, Patrice J [SMTP:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 10:08 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: Oracle CERT Advisory > > CERT is working on a "how to fix your Oracle DB" paper, you can ask for a > copy at [EMAIL PROTECTED] > > Oracle security problems may be more prevalent than previously reported. > Pete Finnegan, with the help of many of the other Oracle security gurus > around the world, has completed a first draft of SANS new Oracle Security: > Step-by-Step guide. We are distributing the list of Oracle security > problems to be sure we have addressed all the known issues. We'll share > the > solutions sections with those people who provide substantive feedback on > the > problems. If you know a lot about Oracle security and *will* provide > feedback, please email [EMAIL PROTECTED] with the subject "Oracle security > problems" and we will email you a copy. Include your name, organization, > city, state, and country. > Alan > > Regards, > Patrice Boivin > Systems Analyst (Oracle Certified DBA) > > Systems Admin & Operations | Admin. et Exploit. des systèmes > Technology Services| Services technologiques > Informatics Branch | Direction de l'informatique > Maritimes Region, DFO | Région des Maritimes, MPO > > E-Mail: [EMAIL PROTECTED] > > > -----Original Message- > [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, March 20, 2002 9:43 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: Oracle CERT Advisory > > Check http://otn.oracle.com/deploy/security/alerts.htm > > Hemant K Chitale > Principal DBA > Chartered Semiconductor Manufacturing Ltd > > [This e-mail is confidential and may also be privileged. If you are not > the > intended recipient, please delete it and notify us immediately; you should > not copy or use it for any purpose, nor disclose its contents to any other > person. Thank you.] > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.com > -- > Author: Boivin, Patrice J > INET: [EMAIL PROTECTED] > > Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 > San Diego, California-- Public Internet access / Mailing Lists > > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Koivu, Lisa INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle CERT Advisory
CERT is working on a "how to fix your Oracle DB" paper, you can ask for a copy at [EMAIL PROTECTED] Oracle security problems may be more prevalent than previously reported. Pete Finnegan, with the help of many of the other Oracle security gurus around the world, has completed a first draft of SANS new Oracle Security: Step-by-Step guide. We are distributing the list of Oracle security problems to be sure we have addressed all the known issues. We'll share the solutions sections with those people who provide substantive feedback on the problems. If you know a lot about Oracle security and *will* provide feedback, please email [EMAIL PROTECTED] with the subject "Oracle security problems" and we will email you a copy. Include your name, organization, city, state, and country. Alan Regards, Patrice Boivin Systems Analyst (Oracle Certified DBA) Systems Admin & Operations | Admin. et Exploit. des systèmes Technology Services| Services technologiques Informatics Branch | Direction de l'informatique Maritimes Region, DFO | Région des Maritimes, MPO E-Mail: [EMAIL PROTECTED] -Original Message- [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 20, 2002 9:43 PM To: Multiple recipients of list ORACLE-L Subject:RE: Oracle CERT Advisory Check http://otn.oracle.com/deploy/security/alerts.htm Hemant K Chitale Principal DBA Chartered Semiconductor Manufacturing Ltd [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediately; you should not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Boivin, Patrice J INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle CERT Advisory
Check http://otn.oracle.com/deploy/security/alerts.htm Hemant K Chitale Principal DBA Chartered Semiconductor Manufacturing Ltd [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediately; you should not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Oracle CERT Advisory
Hi, I searched the metalink for vulnerability with Oracle 8I database and only found the article below : Doc ID : Note:151292.1 Content Type: TEXT/PLAIN Fragmentation AttackCreation Date: 02-JUL-2001 Type: ALERT Last Revision Date: 03-FEB-2002 Besides this article, is there any patch that one should apply for the Oracle 8I database ? Please advise. Thanks. Regds, New Bee -Original Message- From: Ray Stell [mailto:[EMAIL PROTECTED]] Sent: Saturday, March 16, 2002 1:50 AM To: Multiple recipients of list ORACLE-L Subject:Re: Oracle CERT Advisory On Fri, Mar 15, 2002 at 04:08:37AM -0800, Boivin, Patrice J wrote: > http://www.cert.org/advisories/CA-2002-08.html > -- At the top of this page it lists 8i Database in the "Systems Affected". But there are no entries for 8i in the advisory. I called CERT and they said, "hmmm...". I'm waiting on a more detailed report from them. I'll post it when they reply. === Ray Stell [EMAIL PROTECTED] (540) 231-4109 KE4TJC 28^D -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ray Stell INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: CHAN Chor Ling Catherine (CSC) INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Oracle CERT Advisory
On Fri, Mar 15, 2002 at 04:08:37AM -0800, Boivin, Patrice J wrote: > http://www.cert.org/advisories/CA-2002-08.html > -- At the top of this page it lists 8i Database in the "Systems Affected". But there are no entries for 8i in the advisory. I called CERT and they said, "hmmm...". I'm waiting on a more detailed report from them. I'll post it when they reply. === Ray Stell [EMAIL PROTECTED] (540) 231-4109 KE4TJC28^D -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Ray Stell INET: [EMAIL PROTECTED] Fat City Network Services-- (858) 538-5051 FAX: (858) 538-5051 San Diego, California-- Public Internet access / Mailing Lists To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
