|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] Oracle has 65 fixes in latest security update
From: InfoSec News (alerts
infosecnews.org)
Date: Wed Jul 19 2006 - 00:20:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.networkworld.com/news/2006/071806-oracle-security-patches.html
By Robert McMillan
IDG News Service
07/18/06
Oracle has issued 65 fixes for a wide range of software products as part
of its quarterly security release, called the Critical Patch Update.
The patches, released Tuesday, address problems in the company's database,
application server, and e-business suite products, among others, according
to Darius Wiles, manager of Oracle Security Alerts. More information on
the patches can be found here [1].
Some of the patches are also designed for client software that works with
Oracle's databases, he said. "There are 23 fixes for vulnerabilities that
affect database servers and another four that apply to clients."
Included in the patches are fixes for an exploit that had been made public
on the Bugtraq mailing list back in April, as well as a fix for a bug that
Oracle had inadvertently disclosed on (and then quickly removed from) its
own Metalink support service. The Bugtraq exploit can be found here.
Oracle has released 10 fixes for its Application Server and 20 fixes for
its E-Business Suite, Wiles said.
Many of the vulnerabilities relate to a proprietary networking protocol
used by Oracle's database, called Oracle Net. This protocol has come under
increased scrutiny over the past year, according to Amichai Shulman,CTO
with Imperva.
"No one has explored these options up until now," Shulman said. "Once
people dive into these obscure protocols, they are sure to find many
vulnerabilities."Often network vulnerabilities can be the most dangerous,
he said, "because you don't need any database credentials in order to
exploit them."Oracle's next critical patch update is scheduled for Oct.
17.
All contents copyright 1995-2006 Network World, Inc.
[1] http://www.securityfocus.com/archive/1/431353/30/30/threaded
_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]