The ndwfn4.so shared library shipped with Oracle's Application Server
version 4.0.8.2 has been found to contain a remotely exploitable buffer
overflow in the handling of long URL requests. The ndwfn4.so library is
designed to plug into iPlanet Web Server (tested with 4.x).
No patches have been made available.
Source: SecurityFocus Bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-04/0149.html
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Jay Weinshenker
INET: jweinshe_at_concentric.net
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).