 |
 |
 |
|
| SecurityProNews > News > Security News > Oracle’s Early Security Patch Release: 11i Update |
[ news_security_news ]Oracle’s Early Security Patch Release: 11i Update
John Stith Staff Writer 2006-02-28  Security News RSS Feed
Database monster Oracle released an out-of-cycle security patch with multiple fixes for what are considered high-risk vulnerabilities for their enterprise customers. The product in question relates to the Oracle Diagnostics troubleshooting feature of the E-Business Suite 11i and it comes as nearly two months ahead of schedule. On Friday, security-consulting firm Integrigy published an advisory regarding the vulnerabilities including high risk vulnerabilities in multiple areas. When 11i was originally designed, it designed to help IT admins to conduct tests. Integrigy said this in their bulletin(pdf): There exist a number of high risk security vulnerabilities in the Oracle Diagnostics web pages and Java classes. The most significant issue with the Oracle Diagnostics is that some of the diagnostics can be executed without any authentication and it is possible to configure the diagnostics to be unrestricted. Also, several permission issues and SQL injection vulnerabilities are fixed by the patch. Integrigy suggested in their advisory that Oracle might be utilizing this update to get people to remember their updates and make the changes they need to allow Oracle to provide better service. Normally, Oracle puts through an update once a quarter with the next update due out on April 18th. Get all the updates - click this link: 
Add to | DiggThis| Yahoo My Web |
 |
