TechTarget

Exploited flaw traced as far back as Oracle 8

An Oracle database bug that was exploited earlier this month has existed since version 8 of the company’s enterprise database.

Code for hacking into the Oracle database was published on the NTBugtraq website just days after Oracle released its April critical patch update.

However, the update does not fix the specific flaw that the exploit takes advantage of, said David Litchfield, managing director of London-based Oracle security specialist NGS Software. The exploit, which affects the DBMS_Export_Extension package in the database, could let a user gain database administrator privileges with full administrative control over the database server.

Litchfield said, “This flaw goes all the way back to Oracle 8 and is one of the flaws I reported to Oracle. It is incredible that there have been so many problems in DBMS_Export_Extension that Oracle has been unable to fix.”

Litchfield urged database administrators to minimise risk by disabling the affected function to prevent execution of code.

Oracle said that since its critical patch update is tested across product suites, the company is limited in the number of fixes it can include.
