Oracle inadvertently publishes exploit code for server flaw


Antony Savvas

Oracle has inadvertently alerted hackers to a previously unknown flaw in its Oracle Server platform and published information to help them exploit it.

The flaw allows any user to read, modify or delete data used by Oracle-based applications.

Security researcher Alex Kornbrust, of Red-Database-Security, reported the problem to Oracle after reading the exploit information on Oracle's MetaLink knowledge base last week.

The published flaw relates to a previously unknown security hole in Oracle Server Enterprise Edition Version 9.2 to

The flaw allows Oracle users with read-only privileges to delete or change data used by Oracle applications.

Kornbrust says sample code published within the knowledge base article demonstrated to Oracle customers how the flaw could be exploited.

After being informed of the problem, Oracle removed the article from MetaLink, but it is feared that hackers may have had time to read and copy the information for use in future attacks on Oracle customers.

Oracle said it was planning to release a patch to close the security hole.
