Release date:
Updated on:
Affected Systems:
Oracle Auto Service Request
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58230
Oracle Auto Service Request is a secure and customer-installable support function that automatically generates Service requests for specific hardware faults.
Oracle Auto Service Request does not use mkstemp (). Instead, it creates a file using a timestamp in/tmp, causing the file to be overwritten under root.
<* Source: Larry W. Cashdollar (lwc@vapid.dhs.org)
Link: http://packetstormsecurity.com/files/120600/Oracle-Auto-Service-Request-File-Clobber.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.oracle.com/technetwork/systems/asr/downloads/index.html? SsSourceSiteId = ocomen