In association with heise online

17 October 2007, 17:25

Busy Patch Tuesday for Oracle Admins

As announced, Oracle patched a total of 51 flaws across its products on its quarterly Patch Tuesday. A total of 27 vulnerabilities in the database were fixed. Oracle also corrected 11 flaws in the Workspace Manager, 3 in Oracle Text, and 3 in Oracle Spatial. Additional bugs were removed from Advanced Queuing, XMLDB, OID, and ASO.

Alexander Kornbrust, the German database specialist who discovered and reported some of the flaws, says that the import flaw is the most significant. It has a CVSS base score of 6.5 (CVSS 2.0) and affects all versions of Oracle. The bug allows arbitrary commands to be executed as the SYS user. In addition, Kornbrust says some of the other security holes, such as those in Database Vault (DB21) and Enterprise Manager (EM01), can also be exploited remotely without user authentication. Unfortunately, however, details have not been provided for all of these. The database specialist says he will be publishing additional analyses in the next few days.
