TechTarget

Oracle issues urgent warning to users to download security patch

Oracle is urging users to download a patch immediately to plug security holes in its main database products, including its 8i, 9i and 10g systems.

Oracle confirmed the potential flaws at the end of August, but many firms have not responded quickly enough, and Oracle said details of real-life exploits of the flaws are circulating on the internet.

The US-based Computer Emergency Response Team published its own findings on the security holes last month, which relate to buffer overflow and SQL injection exploits, among other potential attacks.

Cert said the flaws could be used to shut down or take control of vulnerable systems, or to corrupt or steal data from databases.

Oracle has not published full details of the holes in its products, but admitted that exploits now existed for "some of the issues".

Oracle said the risk to its Database Server and Application Server systems was "high" because potential attackers can take advantage of the flaws with network access alone, without needing a valid user account and password.

Oracle said the holes in Enterprise Manager are rated as "medium risk" because attackers would need access to the network and details of a user account running on the platform to exploit them.

Oracle systems that need patching    

  • Oracle Database 10g Release 1, version 10.1.0.2  
  • Oracle 9i Database Server Release 2, versions 9.2.0.4 and 9.2.0.5  
  • Oracle 9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4  
  • Oracle 8i Database Server Release 3, version 8.1.7.4 
  • Oracle Enterprise Manager Database Control 10g, version 10.1.0.2  
  • Oracle Enterprise Manager Grid Control 10g, version 10.1.0.2  
  • Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1
  • Oracle 9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1
  • Oracle 9i Application Server Release 1, version 1.0.2.2  
  • Oracle's Collaboration Suite and E-Business Suite 11i contain some of the vulnerable components and are also affected.
