Monday, April 10, 2006

Oracle Server Flaw Sparks Warning

Paul Roberts writes on InfoWorld:

A software security expert warned users of Oracle Server that a software flaw could allow any user to read, modify, and delete data used by Oracle applications; he also says that Oracle may have unwittingly shown hackers how to exploit the previously unknown hole.

Alex Kornbrust of Red-Database-Security said on Monday that an article posted on Oracle's MetaLink knowledge base on Thursday identified an unpatched and previously unknown security hole in Oracle Server Enterprise Edition Version 9.2 to 10.2.0.3 that allows Oracle users with read-only privileges to delete or modify rows of data used by Oracle applications. Sample code published with the knowledgebase article showed Oracle customers how the flaw could be exploited, he said.

In an e-mail statement, an Oracle spokeswoman said the company is aware of the vulnerability Kornbrust identified and is preparing a patch to address it in a future Critical Patch Update (CPU).

