Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability

Solution:
Oracle has released an alert (#68) and a patch to address this and other issues. Information on obtaining and applying the appropriate patch is available at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1
A valid subscription to the MetaLink service is required to view this document.

It is reported that software conflicts may arise when these patches are installed against binaries that have already had patches installed. Additionally, although Oracle 9i 9.2.x.x database server is supported, it is reported that customers may be required to update to versions 9.2.0.4/9.2.0.5 before applying these patches. This action might also be required for other releases and products. Customers are advised to contact the vendor for further information and support with regard to the installation of appropriate updates.

A message from "David Litchfield" <davidl@ngssoftware.com> is available stating that some of the vulnerabilities in alert #68 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message and contact their vendor for further information on the status of fixes.

Copyright 2010, SecurityFocus