Sun has released an alert notification (15 July 2005) about multiple security vulnerabilities in Oracle affecting SunMC
July 19th, 2005 by Pete
Sun has released an alert notification (Sun Alert ID 101782) dated 15 July 2005 and titled "Multiple Security Vulnerabilities in Oracle Affect SunMC". The synopsis states that unprivileged local or remote users can execute arbitrary code on Solaris systems which have installed and enabled Sun Management Center (SunMC). The SunMC software typically runs as the user "smcorau", which is unprivileged, but it uses the Oracle listener. It is therefore affected by the multiple listener vulnerabilities in Oracle Alert #68. This affects SunMC 3.5 on Solaris 8, 9 and 10 systems that have not had Sun patch 118829-04 applied.
Sun recommends installing patch 118829-04 or later and also installing Oracle's latest Critical Patch Update.
Why release a note now about bugs in Alert #68? This could be symptomatic of a bigger issue. How many companies use Oracle because another supplier uses it and it's part of some other software? If the supplier assumes the person running it has patched, or vice versa, then how many Oracle systems are out there not patched?
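One way to audit hosts for the patch level Sun recommends above, as an added example that is not part of the original post or of Sun's alert: the function reads Solaris `showrev -p` style output and reports whether patch 118829 is present at revision 04 or later. The sample lines, patch 999999 and the `PKG_PLACEHOLDER` package name are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a host from `showrev -p` output.
PATCH_ID=118829   # patch named in the Sun Alert quoted on this page
MIN_REV=4         # revision -04 is the minimum fixed level

# Reads `showrev -p` style text on stdin and prints one of:
#   "patched <rev>", "outdated <rev>" or "missing"
# Only direct "Patch:" entries are checked; a later patch that merely
# lists 118829 under "Obsoletes:" is not recognised by this check.
patch_status() {
    awk -v id="$PATCH_ID" -v min="$MIN_REV" '
        $1 == "Patch:" {
            n = split($2, p, "-")
            if (n == 2 && p[1] == id) {
                rev = p[2] + 0      # numeric, so "09" is 9 and not bad octal
                if (!found || rev > best) { best = rev; found = 1 }
            }
        }
        END {
            if (!found)           print "missing"
            else if (best >= min) printf "patched %02d\n", best
            else                  printf "outdated %02d\n", best
        }'
}

# Constructed sample: host still on revision 02.
sample_outdated() {
cat <<'EOF'
Patch: 118829-02 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_PLACEHOLDER
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_PLACEHOLDER
EOF
}

# Constructed sample: two revisions recorded, highest one wins.
sample_patched() {
cat <<'EOF'
Patch: 118829-04 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_PLACEHOLDER
Patch: 118829-09 Obsoletes:  Requires:  Incompatibles:  Packages: PKG_PLACEHOLDER
EOF
}

echo "outdated sample: $(sample_outdated | patch_status)"
echo "patched sample:  $(sample_patched | patch_status)"
```

On a Solaris host running SunMC 3.5, pipe the real listing into the function with `showrev -p | patch_status`.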


