Date: Thu, 18 Jan 2001 16:04:18 -0600
From: Security Alerts <secalert_us@ORACLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet Directory
Patch for Potential Buffer Overflow Vulnerabilities in Oracle Internet
Directory
Description:
Several potential buffer overflow vulnerabilities have been discovered
in the Oracle Internet Directory executables 'oidldapd' and 'oidmon'.
These vulnerabilities were originally found in Oracle Internet Directory
(OID) 2.0, Release 2.0.6, on Linux. (Note: OID 2.0.6 on LINUX was a beta
release.)
Workaround:
Oracle recommends that customers implement the following workaround:
change the file permissions to 710 on the 'oidldapd' and 'oidmon'
executables. These permissions will limit access (to the executables) to
a small, privileged group of users on the host machine.
Patch Information:
Oracle has comprehensively fixed these vulnerabilities in the OID 2.0,
Release 2.0.6.3, patch set on Solaris and in the forthcoming OID 2.1,
Release 2.1.1.1, patch set. The OID 2.0.6.3 patch set is available on
Metalink, Oracle's Support Services site, http://metalink.oracle.com.
Oracle intends to produce this patch on additional platforms as well.
Credits:
Oracle would like to thank Juan Manuel Pascual Escribц┐ for discovering
these vulnerabilities and promptly bringing them to Oracle's attention.
