Tuesday, July 18, 2006

Oracle Releases Fixes for 65 Flaws

Ericka Chickowski writes on SC Magazine Online:

All were part of the Redwood Shores, Calif.-company's quarterly Critical Patch Update (CPU). They affect a range of Oracle products--the majority affect database and E-Business Suite software—and the company has no suggested workarounds for the alerts but instead advised customers to install the patch.

Most of the concern in this patch cycle is on the increasing prevalence of database security problems, said Amichai Shulman, director of Imperva's Application Defense Center (ADC), a database vulnerability research group. Shulman said that the 23 database-related flaws patched today fall into three categories: protocol violations, SQL injections and flaws associated with stored procedures.

Based on his research, some of the most alarming flaws are the protocol violations, which he said are quickly becoming a favorite attack vector for the bad guys.

More here.

0 Comments:

Post a Comment

<< Home