- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
Oracle has issued 65 fixes for a wide range of software products as part of its quarterly security release, called the Critical Patch Update.
The patches, released Tuesday, address problems in the company's database, application server, and e-business suite products, among others, according to Darius Wiles, manager of Oracle Security Alerts. More information on the patches can be found here.
Some of the patches are also designed for client software that works with Oracle's databases, he said. "There are 23 fixes for vulnerabilities that affect database servers and another four that apply to clients."
Included in the patches are fixes for an exploit that had been made public on the Bugtraq mailing list back in April, as well as a fix for a bug that Oracle had inadvertently disclosed on (and then quickly removed from) its own Metalink support service. The Bugtraq exploit can be found here.
Oracle has released 10 fixes for its Application Server and 20 fixes for its E-Business Suite, Wiles said.
Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle's database, called Oracle Net. This protocol has come under increased scrutiny over the past year, according to Amichai Shulman,CTO with Imperva.
"No one has explored these options up until now," Shulman said. "Once people dive into these obscure protocols, they are sure to find many vulnerabilities."Often network vulnerabilities can be the most dangerous, he said, "because you don't need any database credentials in order to exploit them."Oracle's next critical patch update is scheduled for Oct. 17.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment