Oracle warns of exploits for latest DB flaws

News

Oracle warns of exploits for latest DB flaws

Oracle is warning customers to apply software patches it released in August because of the availability of malicious code that can exploit unpatched vulnerabilities in its software.

The company said it has received notification that there are published exploits for "some of the issues" addressed in a recent security alert. The company did not provide information about the exploits.

The security holes affect a number of Oracle products, including versions of its 8i, 9i and 10g Database, Application Server and Enterprise Manager software, according to a bulletin posted by Oracle on 31 August, which also released a patch for the vulnerabilities.

The exposure for vulnerabilities in Oracle's Database Server and Application Server was described as "high" because attackers could take advantage of the flaws with network access, but without a valid user account and password.

The hole in Enterprise Manager was rated a "medium" risk, because attackers would need both access to the network running the Enterprise Manager and a valid operating system user account on the machine running Enterprise Manager, Oracle said.

In September, the US government's Computer Emergency Response Team issued an alert about the flaws, noting that they could be used to shut down or take control of vulnerable systems running the software or to corrupt or steal data from the Oracle databases.

Oracle strongly recommends affected customers apply the software patches "without delay".

Paul Roberts writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy