Oracle issues urgent warning to users to download security patch

Antony Savvas

Oracle is urging users to download a patch immediately to plug security holes in its main database products, including its 8i, 9i and 10g systems.

The potential flaws were confirmed by Oracle at the end of August, but many firms have not responded quickly enough, and Oracle said details of real-life exploits of the flaws are circulating on the internet.

The US-based Computer Emergency Response Team published its own findings on the security holes last month, which relate to buffer overflow and SQL injection exploits, among other potential attacks.

Cert said the flaws could be used to shut down or take control of vulnerable systems, or to corrupt or steal data from databases.

Oracle has not published full details of the holes in its products, but admitted that exploits now existed for "some of the issues".

Oracle said the risk to its Database Server and Application Server systems was "high" because potential attackers can take advantage of the flaws with just network access but without the need for a valid user account and password.

Oracle said the holes in Enterprise Manager are rated as "medium risk" because attackers would need access to the network and details of a user account running on the platform to exploit them.

Oracle systems that need patching

  • Oracle Database 10g Release 1, version 10.1.0.2
  • Oracle 9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5
  • Oracle 9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4
  • Oracle 8i Database Server Release 3, version 8.1.7.4
  • Oracle Enterprise Manager Database Control 10g, version 10.1.0.2
  • Oracle Enterprise Manager Grid Control 10g, version 10.1.0.2
  • Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
  • Oracle 9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
  • Oracle 9i Application Server Release 1, version 1.0.2.2
  • Oracle's Collaboration Suite and E-Business Suite 11i contain some of the vulnerable components and are also affected.