Patched Oracle Database Still at Risk
Oracle's security woes continue.
Dawn Kawamoto writes on C|Net News:
Oracle's latest update fails to tackle a database flaw that has already been exploited, a security researcher has warned.More here.
Last week, the business software maker issued its quarterly Critical Patch Update, addressing more than 30 flaws in its software. However, the update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a message sent to the Full Disclosure security list on Wednesday by David Litchfield, a researcher at Next Generation Security Software.
The exploit, released on the Internet last week, isn't for a flaw that Oracle patched, but for a new problem. Initially, experts believed it was for one of the patched vulnerabilities.
0 Comments:
Post a Comment
<< Home