Oracle issues urgent warning to users to download security patch


Oracle issues urgent warning to users to download security patch

Antony Savvas

Oracle is urging users to download a patch immediately to plug security holes in its main database products, including its 8i, 9i and 10g systems.

The potential flaws were confirmed by Oracle at the end of August but many firms have not responded quickly enough and Oracle said details of real-life exploits of the flaws are circulating on the internet.

The US-based Computer Emergency Response Team published its own findings on the security holes last month, which relate to buffer overflow and SQL injection exploits, among other potential attacks.

Cert said the flaws could be used to shut down or take control of vulnerable systems or corrupt or steal data from databases

Oracle has not published full details of the holes in its products, but admitted that exploits now existed for "some of the issues".

Oracle said the risk to its Database Server and Application Server systems was "high" because potential attackers can take advantage of the flaws with just network access but without the need for a valid user account and password.

Oracle said the holes in Enterprise Manager are rated as "medium risk" because attackers would need access to the network and details of a user account running on the platform to exploit them.

Oracle systems that need patching    

  • Oracle Database 10g Release 1, version  
  • Oracle 9i Database Server Release 2, versions and  
  • Oracle 9i Database Server Release 1, versions, and 9.0.4  
  • Oracle 8i Database Server Release 3, version 
  • Oracle Enterprise Manager Database Control 10g, version  
  • Oracle Enterprise Manager Grid Control 10g, version  
  • Oracle Application Server 10g (9.0.4), versions and  
  • Oracle 9i Application Server Release 2, versions and  
  • Oracle 9i Application Server Release 1, version  
  • Oracle's Collaboration Suite and E-Business Suite 11i contain some of the vulnerable components and are also affected.
Related Topics: Web software, VIEW ALL TOPICS

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy