Oracle critiqued again over patching speed

By Joris Evers
Staff Writer, CNET News

Related Stories: Gartner: Oracle no longer a bastion of security
January 24, 2006; Oracle to 'Fortify' its source code
December 20, 2005; Halloween treat for Oracle: A database worm
November 1, 2005; Flaw hunters pick holes in Oracle patches
October 27, 2005; Oracle dragging heels on unfixed flaws, researcher says
July 19, 2005

Bug hunter David Litchfield on Wednesday provided limited details on a new, unpatched security flaw in Oracle software. The problem lies in the PLSQL Gateway, a component of the Oracle Internet Application Server, the Oracle Application Server and the Oracle HTTP Server, he said in an e-mail to the BugTraq mailing list. Litchfield is co-founder of U.K.-based Next Generation Security Software and one of Oracle's most vocal critics.

The flaw can be exploited by an attacker to gain full administrator-level control of a database server through a Web server, Litchfield wrote. He provides a workaround in the mail so Oracle users can protect themselves against attacks. The flaw was reported to Oracle on Oct. 26. Litchfield had hoped that Oracle would provide a fix or a workaround on its recent patch release day. "They failed to do so," he wrote.

See more CNET content tagged:
David Litchfield, Oracle Corp., application server, flaw, server

Latest tech news headlines

Report: MySpace to push deeper into entertainment
Posted in News - Digital Media by Greg Sandoval

July 10, 2009 5:32 PM PDT
Ten issues I have with Twitter (and its community)
Posted in Webware by Don Reisinger

July 10, 2009 5:06 PM PDT
The Internet is a dollar store
Posted in Rafe's Radar by Rafe Needleman

July 10, 2009 4:46 PM PDT
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Oracle (0.84%) 0.17 20.49; Dow Jones Industrials (-0.45%) -36.65 8,146.52; S&P 500 (-0.40%) -3.55 879.13; NASDAQ (0.20%) 3.48 1,756.03; CNET TECH (0.36%) 4.57 1,262.65

Inside CNET News

Scroll Left Scroll Right

The Space Shot
Weather threatens Saturday shuttle launch
A month late because of a now repaired hydrogen leak, NASA is preparing the shuttle Endeavour for launch Saturday on a 16-day space station assembly mission.
Gallery
Photos: The surface of the moon, here on Earth
The Open Road
Trent Reznor: 'So you want to make money on the Web'
In a post that could easily explain the emerging open-source software business model, Nine Inch Nails lead details how to make money in music.
Beyond Binary
Microsoft aims for Silverlight at end of the tunnel
The software maker concedes it has a long way to go to reach the ubiquity of Adobe's flash, but notes it has come a long way in a little less than two years.
Video
Video: iPhone 3G S launch in New York City
Digital Media
Report: MySpace to push deeper into entertainment
News Corp. has plans to turn MySpace into an entertainment portal. How much more entertainment can the site add?
Video
A recipe for high-tech chocolate
Geek Gestalt
Road Trip pic of the day, 7/10: What is it? Who made it?
This artwork is in Utah, near the Nevada border. For today's Road Trip picture of the day challenge, be the first to tell me what it is and who the artist is, and you win a prize.
Cutting Edge
Americans see science as lagging here
The public appreciates scientific advancement but thinks the U.S. has fallen from its pedestal, according to a new Pew survey. Scientists, ahem, disagree.
Gallery
Images: The many faces of the smart grid
Digital City Podcast
Digital City No. 40: Google's Chrome OS vs. stealing cell phones vs. NYC subway map phone apps
Episode 40 of the Digital City, Google's new Chrome OS, and what it means for Netbooks and Microsoft; some not-too-bright cell phone thieves; how Scott semi-scammed a new iPhone 3GS; and some new apps for navigating the NYC Subway system.
Green Tech
Chasing the Toyota Prius' 50-mpg nirvana
CNET News' Martin LaMonica, an early buyer of the 2010 Toyota Prius, finds that the car gets good mileage but there's clearly more to learn.