Oracle Server Flaw Sparks Warning
Paul Roberts writes on InfoWorld:
A software security expert warned users of Oracle Server that a software flaw could allow any user to read, modify, and delete data used by Oracle applications; he also says that Oracle may have unwittingly shown hackers how to exploit the previously unknown hole.More here.
Alex Kornbrust of Red-Database-Security said on Monday that an article posted on Oracle's MetaLink knowledge base on Thursday identified an unpatched and previously unknown security hole in Oracle Server Enterprise Edition Version 9.2 to 10.2.0.3 that allows Oracle users with read-only privileges to delete or modify rows of data used by Oracle applications. Sample code published with the knowledgebase article showed Oracle customers how the flaw could be exploited, he said.
In an e-mail statement, an Oracle spokeswoman said the company is aware of the vulnerability Kornbrust identified and is preparing a patch to address it in a future Critical Patch Update (CPU).
posted by Fergie @ 4/10/2006 04:06:00 PM
0 Comments:
Post a Comment
<< Home