Oracle Database 9i SQL Command Buffer Overflow Vulnerability
Solution: Oracle has released an alert (#68) and a patch to address these issues. Information on obtaining and applying an appropriate patch can be found at the following location: http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=281189.1 A valid subscription to the Metalink service is required to view this document.

It is reported that software conflicts may arise when these patches are installed against binaries that have already had patches installed. Additionally, although Oracle 9i 9.2.x.x database server is supported, it is reported that customers may be required to update to versions 9.2.0.4/9.2.0.5 prior to applying these patches. This action might also be required for other releases and products. Customers are advised to contact the vendor for further information and support regarding the installation of appropriate updates.

Update - Nov 12, 2004: Oracle has released an update for the patch for Database Server 9.2.0.5 running on the HPUX 64-bit platform. It is reported that the original patch did not include 32-bit library files. Oracle recommends uninstalling the original patch and replacing it with the patch dated 19-OCT-2004. The problem exists in patch versions dated before 19-OCT-2004. The updated patch is available from the Oracle Metalink site.

A message from "David Litchfield" <davidl@ngssoftware.com> is available that states that some of the vulnerabilities in alert #68 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message, and contact their vendor for further information on the status of fixes.