News

Oracle inadvertently publishes exploit code for server flaw

Antony Savvas

Oracle has inadvertently alerted hackers to a previously unknown flaw in its Oracle Server platform and published information to help them exploit it.

The flaw allows any user to read, modify or delete data used by Oracle-based applications.

Security researcher Alex Kornbrust, of Red-Database-Security, reported the problem to Oracle after reading the exploit information on Oracle's MetaLink knowledge base last week.

The published flaw relates to a previously unknown security hole in Oracle Server Enterprise Edition Version 9.2 to 10.2.0.3.

The flaw allows Oracle users with read-only privileges to delete or change data used by Oracle applications.

Kornbrust says sample code published within the knowledge base article demonstrated to Oracle customers how the flaw could be exploited.

After being informed of the problem, Oracle removed the article from MetaLink, but it is feared that hackers may have had time to read and copy the information, to be used for future attacks on Oracle customers.

Oracle said it was planning to release a patch to close the security hole.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy