6 New Oracle Flaws Patched
- By Scott Bekker
- February 20, 2003
Security researchers at CERT/CC underscored the importance of a group of newly patched vulnerabilities in Oracle Corp.'s enterprise software, including versions that run on Windows servers.
The security flaws affect the Oracle9i Database, releases 1 and 2; the Oracle8i Database, version 8.1.7; the Oracle8 Database, version 8.0.6; and the Oracle9i Application Server, releases 9.0.2 and 9.0.3, according to the CERT advisory issued Wednesday.
The worst of the flaws, which comprise four new buffer overflow vulnerabilities and two vulnerabilities in the application server, can allow an attacker to execute arbitrary code. All of the flaws were discovered by security researchers at Next Generation Security Software, Ltd., which notified Oracle about the problems back in September.
The CERT/CC Advisory can be found at www.cert.org/advisories/CA-2003-05.html.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.