OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: ian stanley (iandstanleyusers.sourceforge.net)
Date: Fri Jul 13 2001 - 10:47:57 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Friday 06 July 2001 23:24, Jair Pedro wrote:
    > After reading the article, I went to oracle to download the patch and was
    > very surprised that in order do download the patch I would have to Pay!!!
    > To access the restrict area where I could get the patches I would have to
    > had a contract with them, which costs about 22% of the licence I already
    > have.
    >
    > I tried to explain them by phone and email that was not my fault the fact
    > that their product had this serious security flaw and all they said was
    > their assistance in free basis was only during the first 3 months after
    > install and "you would have a lot of advantages signing our support
    > services".

    Depending on your country of origin - you could have some consumer protection.

    eg. in the UK you would probably be supported by /the sale of goods act/
    in as much as the security of the product ought to be considered critical
    to the enterprise concerned - and thus the product be /unfit for the purpose
    intended/. Never mind the fact that they may have shipped faulty goods.

    Even the possibility of a potential court case being filed against oracle
    based ont he being unfit for the purpose - would be rather embarrasing for
    oracle.

    > I dont want support as far we have almost half a ton of books on our
    > development department and all the news group on the internet...
    >
    > There is nothing I can do now, except to pay to correct their very own
    > error, but, on my company, I do not intend to deploy any others product
    > which similiar politic$ for patches.
    >
    > The next time we need a database, it will not be an Oracle.
    > I'd like to hear from the list if there are others companies/products with
    > such an absurd policy.
    >
    > tks
    >
    > Jair
    > ----- Original Message -----
    > From: "Aaron C. Newman" <aaronnewman-family.com>
    > To: "Jeffrey M. Smith" <jsmithpurdue.edu>; <bugtraqsecurityfocus.com>
    > Sent: Friday, June 29, 2001 8:06 PM
    > Subject: RE: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener
    >
    > > I also could not locate a patch or even a reference to the bug id either.