resource center
  See your link here
|
IDG News Service -
Database administrators now have an added incentive to install Oracle Corp.'s latest security patches, which were released earlier this week. Malicious software is circulating that can crash an unpatched database server, and one security expert predicted that more malware targeting the 89 recently patched vulnerabilities is on the way.
Yesterday , code was published on the Full Disclosure security mailing list that exploits a buffer overflow vulnerability in certain versions of Oracle's databases.
The code could be used by attackers to bring down a database, using a technique called a SQL injection attack, said Alexander Kornbrust, a business director at Red-Database-Security GmbH in Neunkirchen, Germany. In SQL injection attacks, Web applications that work with the database are tricked into sending malicious database queries using the SQL language.
The exploit could be used either by an attacker who had user credentials on an unpatched database or by a remote attacker, using a SQL injection attack over the Internet, Kornbrust said. "I tried the exploit, and it's working," he said in an interview conducted via instant message. "I highly recommend customers to apply these patches as soon as possible."
In a statement, Oracle said that Versions 9i and 10g of the database software were vulnerable to the bug, but the exploit published on Full Disclosure affects only 10g users, according to Kornbrust.
On Tuesday, Oracle released a bundle of critical security patches that fixed 89 bugs in its database and application servers, as well as some PeopleSoft and J.D. Edwards applications (see "Oracle patches 89 holes with quarterly security update"). Oracle releases security patches every three months as part of its security update program.
Normally, a few exploits begin circulating after each Oracle security update, Kornbrust said.
The buffer overflow vulnerability is described as vulnerability No. DB27.
Oracle did not respond to requests for comment on this story.
IDG.net
HP Technology Guide for Scalable Business Solutions
Download This Resource Now!
Enterprise Application Delivery: No User Left Behind
Gain the ability to deliver applications to all users, using any device, across any network.
Gartner: Magic Quadrant for Application Delivery Controllers, 2009
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing...
Data Protection is not an insurance policy -you cannot buy-back lost data
Find out why you need to maintain access to critical information to run your business and remain competitive.
Chiquita selects Workday's fresh approach to Human Capital Management
A fresh approach to meet IT and HR objectives.
ITIL in Tough Economic Times
Are you looking for new inspiration to move forward with ITIL in these tough economic times?
The ROI of Software-As-A-Service
A Total Economic Impact™ Analysis Uncovers Long-Term Value In SaaS
IT Governance Podcast: IT Provider Forecasts $10 Million in Savings
In this podcast, learn how OTS was able to prioritize, then deliver, on the mission-critical demands and, in the process, project $10 million...
Sign up to receive updates on the latest Software resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
