HomeSecurity

Oracle Patch Day: Critical Flaws Fixed

Ryan Naraine
By Ryan Naraine

Database software giant Oracle has issued its
first monthly security bulletin with patches for multiple “high risk”
product flaws.

Facing a barrage of criticism from security experts for long delays
in releasing fixes for security product flaws, the company issued an advisory (PDF file)
to warn of potentially serious bugs in the Oracle Database
Server, the Oracle Application Server, the Oracle Enterprise Manager and
the Oracle Collaboration Suite.

Specific details of the vulnerabilities were not released, but Oracle
said malicious attackers could exploit the holes to hijack services,
manipulate data, expose sensitive system information and perform
Denial of Service attacks .

“The unpatched exposure risk is high; exploiting some of these
vulnerabilities requires network access, but no valid user account,”
Oracle said. “There are no workarounds that fully address the security
vulnerabilities … Oracle strongly recommends that customers apply the
available patches without delay.”

The company posted a patch
availability matrix for customers online.

Security alert clearinghouse Secunia rates the flaws as “highly
critical” and released a
breakdown of affected Oracle product versions.

Research firm Integrigy, which helped Oracle identify some of the
vulnerabilities, also issued a separate alert
with a warning that they “can be exploited in all Oracle Applications
implementations.”

“The vulnerabilities include buffer overflows, SQL injection issues,
and denial of service problems — many of which are considered critical
since an attacker can effectively gain control over an application or
database server without a valid login,” Integrigy said.

“All Oracle Applications customers should consider these
vulnerabilities extremely high risk and apply the Oracle patches at the
earliest possible opportunity. Customers with Internet facing
application servers should consider applying these patches as soon as
possible,” the company added.

The month-end release of a mega advisory follows a decision by Oracle
to adopt a
monthly patch cycle. The new policy is similar to Microsoft’s
monthly security update, which is scheduled for the second Tuesday
of every month.

Ryan Naraine
Ryan Naraine
Previous article
Philips, Samsung Announce NFC Plans
Next article
Opera Goes for Mobile Windows

Similar Posts

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Advertisers

Advertise with TechnologyAdvice on InternetNews and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2021 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.