Oracle Facing Zero-Day Onslaught? | Internet News


Nov 22, 2006


Oracle database users take heed: December may be a tough month. A security researcher is warning of a week of Oracle database bugs.

The revelation comes after Oracle’s recent quarterly patch cycle for its namesake database. It typically yields double-digits’ worth of fixes for security flaws. For example, Oracle released an update at the end of October for some 63 flaws in Oracle databases. But even more flaws are lurking that have not yet been disclosed, according to Cesar Cerrudo, founder and CEO of the Argeniss Security Research Team. Now, he’s taking up the cause.

Cerrudo said he plans to release one bug a day for a full week in December. It’s an effort he’s calling “The Week of Oracle Database Bugs” (WoODB). The idea is based on a similar concept that Metasploit developer H. D. Moore introduced with the Month of Browser Bugs effort earlier this year. In an effort to raise awareness of browser security, Moore released one bug a day for the month of July.


According to Cerrudo, the WoODB is intended to actually “help” Oracle’s
database users. “I think Oracle users’ security will be helped since users will realize the
real threat they are facing running Oracle flawed software and they will
start to put pressure on Oracle asking for responses, improvements in
security, etc,” Cerrudo said. “Also if you know the threats you can protect
better than if you don’t know them.”


Oracle is being targeted because, in Cerrudo’s view, the company’s products contain “lots of unpatched vulnerabilities.” Argeniss Security Research allegedly
has zero-day exploits for other database vendors as well.


Cerrudo told internetnews.com that Oracle has not contacted him about
the effort. Internetnews.com contacted Oracle, but a spokesperson was
not immediately available for comment. Oracle’s Global Product Security Blog is
also silent on the topic.

The researchers claim they could inflict a “Year of Oracle Database Bugs,” but say a week’s worth makes their point.


In its last patch update, Oracle improved the amount of information it made
available about reported flaws. Oracle now identifies which
vulnerabilities are remotely exploitable without requiring authentication on
the targeted system. Apparently, it’s still not enough for Cerrudo.


“Oracle has a long history of not patching bugs in a timely fashion,
producing flawed patches and not caring much about security,” Cerrudo said.
“Nothing has changed. Oracle continues doing the same and someone has to do
something about that. We are talking about a multi-million dollar company
and securing its products should be a must.”
