Oracle Troubled By Web Component Security
David Utter Staff Writer
2008-07-16
The latest round of vulnerability fixes released by Oracle showed a troubling trend in services made available through web-facing resources.
Not only were previous versions of Oracle's signature database impacted by recently discovered vulnerabilities, but the latest version of their product, 11g, also contained flaws addressed in the newest patch updates released by Oracle.
Imperva CTO Amichai Shulman told SecurityProNews that his first look at Oracle's updates turned up that disturbing revelation. Among its Internet-facing products, many web components required fixes for the usual threats like code injection or buffer overflows.
Shulman said there was "definitely a trend" toward more of these kinds of problems being revealed. On the positive side, he cited Oracle's move toward denoting security issues with a CVE code to make them uniform with how the security industry tracks flaws and their resolutions.
According to security vendor iDefense Labs, Oracle needed to fix a critical issue in its Internet Directory. A malformed LDAP request could enable an attacker to hit a vulnerable host with a denial of service attack.
Another problem highlighted by iDefense that received a fix posed a remotely exploitable threat. A buffer overflow vulnerability in the DBMS_AQELM package in Oracle's Database, due to a failure to properly validate input, might allow an attacker to execute arbitrary code as the database user.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.