Attack code out for Oracle database

By Joris Evers
Posted on ZDNet News: Apr 21, 2006 1:30:00 AM

Attack code that takes advantage of a flaw in Oracle's database software has been released on the Web, raising the urgency to patch.

The exploit code was published Wednesday, only a day after Oracle released its quarterly Critical Patch Update, security provider Symantec said in an alert to users of its DeepSight intelligence service.

The exploit code was published to the popular BugTraq security mailing list. It targets the Oracle Database 10g and appears to give the attacker higher privileges on the system.

Oracle addressed close to 40 vulnerabilities in its Tuesday patch release cycle. Some of the issues would require an exploit for a successful attack; others would not, according to Symantec.

The U.S. Computer Emergency Readiness Team added its voice on Wednesday, urging users in an alert to apply Oracle's fixes.

SponsoredWhite Papers, Webcasts, and Downloads

Trend Micro Email Encryption Trend Micro Take this tour of our Email Encryption demo, and learn: Why you ... Download Now
Dell's IT Infrastructure Services, Desktops, and Notebooks Allow Global Consumer Packaged Goods Marketer Unilever to Support Staff Efficiency and Productivity With Business-Critical IT Services Dell Unilever is a multinational corporation that owns 400 consumer brands ... Download Now
Cost-Effective IT Platform Is a Welcome Guest at Upscale and Luxury Hotel Chain Dell Wyndham International is a hotel chain renowned for offering personalized ... Download Now

Talkback
Most Recent of 3 Talkback(s)

Thread View
Flat View

But this many flaws?: None of the following are nearly this bad. They barely get any flaws per month let along 10 or more per month.

IBM DB2
Microsoft SQL Server
MySQL... (Read the rest); Posted by: georgeou Posted on: 04/27/06 You are currently: a Guest | Log in | Terms of Use