resource center
  See your link here
|
Computerworld - Oracle Corp. appears to have accidentally released details about an unpatched security vulnerability in its database software, including sample code for exploiting the flaw.
The information about the vulnerability was included in a note that was briefly posted on Oracle 's MetaLink customer support portal on April 6.
Oracle removed the information the next day after being informed of the security risks, said Alexander Kornbrust, a business director at Red-Database-Security GmbH in Neunkirchen, Germany.
Kornbrust distributed an advisory about the vulnerability to the Full Disclosure security mailing list last Monday. The security researcher said he decided to go public with the information about the vulnerability because enough people had already seen Oracle's Metalink note to pose a risk for users of the database.
An Oracle spokeswoman declined to comment about how the exploit code was released. She said the company plans to provide a software fix for the database hole "in a future quarterly patch update," although it won't be in the next set of security patches that Oracle plans to release tomorrow.
To exploit the vulnerability, an attacker would first need to have a user account on an Oracle database. By creating specially crafted queries, users who normally would only be able to read data could change the underlying information in a database.
Read more about security in Computerworld's Security Knowledge Center.
Application Grid: Ideal Platform for IT Consolidation
Get this now!
Data in Action: Making the Planet Smarter
Register Now
Making the Business Case for Data Centre Consolidation
Get this now!
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
View this webcast!
Maximize ROI for Web Applications
Register for this webcast now!
Sign up to receive updates on the latest Business Intelligence resources
 |
 SAS Information Management Kit SAS is the leader in business intelligence and analytical software and services. Only SAS offers leading data integration, storage, analytics and business intelligence applications within a comprehensive enterprise intelligence platform. SAS gives 97 of the top 100 companies in the 2007 Fortune 500 THE POWER TO KNOW®. |  Webcast: The Information Management Roadmap Imagine high-quality data, cleansed, analyzed and delivered throughout your organization. Join Computerworld, IT visionary Thornton May and a panel of experts to learn how SAS® can help you make it happen. View this webcast  |  Research Report: Information Management Initiatives at Midsize and Large Organizations See the top-line results of this Computerworld sponsored survey to see how IT and business leaders are handling information management implementation.Download this report |  White Paper: Information Management: Better Information for Winning Decisions. This white paper explains how the SAS Information Evolution Model aids companies in assessing how they use this information to make strategic decisions and drive business. Download this white paper |
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2010 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
