Oracle issues security alert

By David Becker
Staff Writer, CNET News

Database giant Oracle warned of a flaw in its XML software that could open a door for denial-of-service attacks. In an alert posted Monday, Oracle said the flaw affects companies using the XML Database (XDB) component for the company's Oracle 9i software. XDB stores data based on Extensible Markup Language (XML), the growing standard for delivering Web services and uniting back-end software.

A hacker could exploit a buffer overflow hole in XDB to launch a denial-of-service attack or capture data, according to the alert. Oracle said the flaw was most likely to be exploited in an insider attack launched over a corporate network. Customers were advised to apply the appropriate patch, as detailed in the alert.

Latest tech news headlines

Twitter, LinkedIn team up for self-promotion free-for-all
Posted in The Social by Caroline McCarthy

November 9, 2009 10:46 PM PST
'Elf Yourself' returns with Facebook and Twitter power
Posted in The Social by Caroline McCarthy

November 9, 2009 9:18 PM PST
Justice Dept. asked for news site's visitor lists
Posted in News - Politics and Law by Declan McCullagh

November 9, 2009 9:10 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Oracle (0.00%) 0.00 21.83; Dow Jones Industrials (0.00%) 0.00 10,226.94; S&P 500 (0.00%) 0.00 1,093.08; NASDAQ (0.00%) 0.00 2,154.06; CNET TECH (0.00%) 0.00 1,569.62

Inside CNET News

Scroll Left Scroll Right

The Web Services Report
Microsoft releases SDK for Facebook
The software giant releases a software development kit for Facebook, allowing developers to make applications for the social-networking site with Silverlight and WPF.
Gallery
Images: Firefox through the ages
Technically Incorrect
In Apple parody, Florida says 'there's no app for this'
It seems that everyone is getting at Apple these days. A new ad campaign from the Florida Keys and Key West suggests there's no app for the wonderful experience of being there.
Beyond Binary
Microsoft releases Exchange 2010, acquires Teamprise
At TechEd Europe, Redmond offers the latest on its e-mail and calendar server. Meanwhile, it also scoops up a developer tool for creating code in multiple OSes.
Video
Exploratorium's shocking 40th anniversary kicks off
Technically Incorrect
New Verizon ad pushes Droid's manly side
In its latest spot, Verizon's Droid is declared to be a robotphone, while the iPhone resembles something that can only be for girls.
Video
A new workout for the Wii
The Social
Twitter, LinkedIn team up for self-promotion free-for-all
Partnership means that status messages can be interchangeable between the two: great for all those marketers who use the two to broadcast their own brands.
Cutting Edge
Winner declared in space elevator race
LaserMotive wins $900,000 in NASA's Space Elevator challenge, where teams compete to see who could drive their space elevator the fastest.
Gallery
Photos: Top-rated reviews of the week
Crave
Ricoh goes modular for GXR camera system
Rather than interchangeable lenses, Ricoh's new system uses sealed modules combining a lens and sensor. But will its high price render the whole thing a nonstarter?
The Car Tech blog
2010 Tesla Roadster Sport first drive
CNET Car Tech spends time with the 2010 Tesla Roadster Sport.