TechTarget

Oracle inadvertently publishes exploit code for server flaw

Oracle has inadvertently alerted hackers to a previously unknown flaw in its Oracle Server platform and published information to help them exploit it.

The flaw allows any user to read, modify or delete data used by Oracle-based applications.

Security researcher Alex Kornbrust, of Red-Database-Security, reported the problem to Oracle after reading the exploit information on Oracle's MetaLink knowledge base last week.

The published flaw relates to a previously unknown security hole in Oracle Server Enterprise Edition versions 9.2 to 10.2.0.3.

The flaw allows Oracle users with read-only privileges to delete or change data used by Oracle applications.

Kornbrust says sample code published within the knowledge base article demonstrated to Oracle customers how the flaw could be exploited.

After being informed of the problem, Oracle removed the article from MetaLink, but it is feared that hackers may have had time to read and copy the information for use in future attacks on Oracle customers.

Oracle said it was planning to release a patch to close the security hole.
