TITLE

Oracle's new vulnerabilities

PUB. DATE
November 2005
SOURCE
SC Magazine: For IT Security Professionals (UK Edition);Nov2005, p17
SOURCE TYPE
Periodical
DOC. TYPE
Article
ABSTRACT
This article presents information on security vulnerabilities in Oracle database and application software. Oracle released patches for them in October 2005 under its quarterly update schedule. At least one was already in the public domain, and exploit code for another was released within days of the updates. The exploit code is a buffer overflow exploit conducted via SQL injection against Oracle databases, and can be used to give an attacker administrator privileges on the system. The previously published flaw is a cross-site scripting attack against the Oracle Reports Server. Updating core database infrastructure applications is a major task, and the number and scope of these vulnerabilities mean testing and patching will take time, but with exploit code already circulating, many e-commerce systems will need attention immediately.
ACCESSION #
18969776

 

Related Articles

  • Spyware needs to go. Rapoza, Jim // eWeek;12/1/2003, Vol. 20 Issue 48, p53 

    This article presents information on spyware, computer programs that hide inside installed applications and then use information on browsing habits to drive pop-up advertisements and other annoyances onto the system. Spyware has grown in popularity because it allows vendors of "free" utilities...

  • Anti-malware protection. // MacUser;Jun2014, Vol. 30 Issue 6, p32

    The article takes a look at the apps from reputable companies that offer to protect from various kinds of malicious activity including viruses that might appear without warning. It cites the Flashback and Mac Defender as examples of a software that openly asks users to install it instead of...

  • Oracle Completes Its Wireless Server Package. Smith, Brad // Wireless Week;10/29/2001, Vol. 7 Issue 44, p14

    Provides information on Oracle9i Application Server software manufactured by Oracle Corp. Capabilities of the application software; Features of the software; Reasons for the inability of enterprises to adopt wireless and mobile applications; Issues on the deployment of the software.

  • Oracle app server: Work in progress. Dyck, Timothy // PC Week;04/27/98, Vol. 15 Issue 17, p45

    Reviews the beta release of Oracle Application Server 4.0, a Web-based application development package from Oracle Corp. with a Perl-based scripting language and Web administration tools. Features; Support for Common Object Request Broker Architecture (CORBA); Gaps in the program; Contact...

  • 9i COMES WITH COMPETITION. Koblentz, Evan // eWeek;06/11/2001, Vol. 18 Issue 23, p18 

    Focuses on the new and improved features for the Oracle9i software's database. Challenge faced by the company in encouraging users to upgrade; Details of the competitive pressures that the company must overcome according to observers.

  • Striking a balance. Fonseca, Brian // eWeek;11/29/2004, Vol. 21 Issue 48, p27 

    The article presents an interview with Mary Ann Davidson, Oracle Corp.'s Chief Security Officer, about the types of security threats of most concern to her database customers. Davidson said that the company will make its new quarterly update process as painless as possible. The company picked...

  • Oracle DBAs Feeling Insecure. Mimoso, Michael S. // Information Security;Apr2006, Vol. 9 Issue 4, p15 

    Presents information on the concerns of database administrators using Oracle software in the U.S. regarding the security of Oracle databases as of April 2006. Update on the efforts taken by the company to ramp up security; Statement from Darius Wiles, a senior manager with Oracle's security...

  • ORACLE TO PARTNER WITH IBM TO DEVELOP AIX APPLICATIONS. // UNIX Update;Feb2006, Vol. 17 Issue 2, p7

    The article reports on the partnership of Oracle and the IBM Advanced Interactive Executive (AIX) Collaboration Center (IACC) to develop AIX application in the U.S. in 2006. The partnership of Oracle and IACC aims to integrate Oracle applications with the existing and upcoming versions of AIX 5L...

  • Oracle switches to monthly patch as hackers target enterprise apps. Mohamed, Arif // Computer Weekly;8/31/2004, p14 

    This article reports that computer software developer Oracle Corp. is to issue monthly security patches for its Database, Application Server and Enterprise Manager products, as security experts report an increase in attacks on core enterprise applications. Industry experts said Oracle's change...
