Monday, September 03, 2007

'Stupid' Vulnerabilities Reported in Oracle 11g

Sumner Lemon writes on PC World:

The latest version of Oracle Corp.'s flagship database offers better security than earlier versions, but development errors have left vulnerabilities that attackers can use to steal data, an expert warned Monday.

"Oracle made big progress with 11g, but some of the vulnerabilities I've found so far in 11g are stupid programming errors," said Alexander Kornbrust, managing director of Red Database Security GmbH, during an interview at the Hack In The Box (HITB) Security Conference 2007 in Kuala Lumpur, Malaysia.

Kornbrust, who helps large companies audit the security of their Oracle databases, examined the software and found SQL injection vulnerabilities, which allow attackers to run malicious code. He also uncovered a way to circumvent the auditing capability in 11g and other versions of the database, which could undermine a company's compliance efforts.

More here.
