Oracle released 14 software patches to sort out
vulnerabilities in its databases and application server software,
as well as releasing a tool to identify commonly used default
passwords that could be misused by hackers.
That’s because earlier versions of Oracle databases used
well-known default passwords and usernames, which could pose a
problem for any users who still rely on older databases or have
upgraded from an older version that included the default
passwords.
The password scanner is actually a SQL script that scans a database
and then prints out the names of the default accounts if they're
unlocked.
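A check of the kind described above, as an added example that is not Oracle's scanner script: it reads the DBA_USERS dictionary view and lists well-known default or sample accounts that are not locked. The account list is a partial, illustrative selection, and the query looks only at account names and lock status, not at whether a password is still the default.

```sql
-- Added example, not Oracle's tool. Run as a user with SELECT on DBA_USERS.
-- The IN list is a partial, illustrative set of well-known default and
-- sample-schema account names; extend it for the options installed locally.
SELECT u.username,
       u.account_status
FROM   dba_users u
WHERE  u.username IN ('SCOTT', 'DBSNMP', 'OUTLN', 'MDSYS', 'CTXSYS',
                      'ORDSYS', 'WMSYS', 'XDB', 'HR')
-- ACCOUNT_STATUS values such as 'LOCKED' and 'EXPIRED & LOCKED' are excluded.
-- 'OPEN' and 'EXPIRED' both remain: an expired account is not locked, and a
-- login with the old password is still accepted before the forced change.
AND    u.account_status NOT LIKE '%LOCKED%'
ORDER  BY u.username;
```

Any row returned is a default account that still accepts logins and should be locked or given a new password.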
Several of the bugs that Oracle is patching as part of the
quarterly update could be easily exploited in a widespread manner,
Oracle said, including a previously disclosed vulnerability in the
PL/SQL gateway software used to integrate Oracle's database with
Web-based applications.
However, some Oracle security specialists insisted there are still
a large number of unpatched bugs in Oracle’s products, including
one unfixed vulnerability from February 2005.
Sometimes, it seems security researchers cause more problems for
vendors than the hackers, with their announcements of
vulnerabilities timed to create the maximum disruption and
embarrassment. However, if the vulnerabilities weren’t there in the
first place, then vendors wouldn’t have the headaches. And nor
would the users.