January 25, 2006 11:00 PM PST
Oracle critiqued again over patching speed
Bug hunter David Litchfield on Wednesday provided limited details on a new, unpatched security flaw in Oracle software. The problem lies in the PLSQL Gateway, a component of the Oracle Internet Application Server, the Oracle Application Server and the Oracle HTTP Server, he said in an e-mail to the BugTraq mailing list. Litchfield is co-founder of U.K.-based Next Generation Security Software and one of Oracle's most vocal critics.
The flaw can be exploited by an attacker to gain full administrator-level control of a database server through a Web server, Litchfield wrote. He provides a workaround in the mail so Oracle users can protect themselves against attacks. The flaw was reported to Oracle on Oct. 26. Litchfield had hoped that Oracle would provide a fix or a workaround on its recent patch release day. "They failed to do so," he wrote.