RE: Oracle Vulnerability Issue - URGENT

RE: Oracle Vulnerability Issue - URGENT

 

  

Patch set 3 had a lot of bugs in it down load and apply patch set 4

-----Original Message-----
From: gaurav
[mailto:oracledba-ezmlmshield-x52210049.[Email address protected]
Sent: Monday, 28 February 2005 20:53
To: LazyDBA Discussion
Subject: Oracle Vulnerability Issue - URGENT



Hi All,

An urgent help required regarding the Oracle vulnerability issue of
Oracle
Database Server multiple functions buffer overflow .The details are as
follows :

Issue : Oracle9i Database Servers prior to Oracle 9i Database Release 2
version 9.2.0.3 are vulnerable to buffer overflows in the
NUMTOYMINTERVAL, NUMTODSINTERVAL, FROM_TZ functions and in the TIME_ZONE

environment variable, caused by improper bounds checking. A remote
authenticated attacker could supply a long parameter to overflow a
buffer
and cause the server to crash or to execute arbitrary code on the
system.

Remedy:
Apply the appropriate patch to your system, available from the Oracle
MetaLink Web site. See References.

I had visited Metalink and searched through many sites but couldn't get
any patchset for my databases using the following versions (9.0.1.1.1 &
9.2.0.1.0 ).
Would appreciate if anyone can please send me the patchset number to be
applied and link if possible for the same.

Thanks & Regards,
Gaurav


Notice: The information contained in this e-mail message and/or
attachments to it may contain confidential or privileged information.
If you are not the intended recipient, any dissemination, use, review,
distribution, printing or copying of the information contained in this
e-mail message and/or attachments to it are strictly prohibited. If
you have received this communication in error, please notify us by reply
e-mail or telephone and immediately and permanently delete the message
and any attachments. Thank you


--------
website: http://www.LazyDBA.com
Please don't reply to RTFM questions
Oracle documentation is here: http://tahiti.oracle.com
To unsubscribe: see http://www.lazydba.com/unsubscribe.html
To subscribe: see http://www.lazydba.com
By using this list you agree to these
terms:http://www.lazydba.com/legal.html

DISCLAIMER: This electronic message together with any attachments is
confidential. If you are not the intended recipient, do not copy, disclose or
use the contents in any way. Please also advise us by return e-mail that you
have received the message and then please destroy. Oxygen Business Solutions is not
responsible for any changes made to this message and / or any attachments after
sending by Oxygen Business Solutions. We use virus scanning software but exclude all
liability for viruses or anything similar in this email or any attachment.

Oracle LazyDBA home page