Bug hunter David Litchfield on Wednesday provided limited details on a new, unpatched security flaw in Oracle software. The problem lies in the PLSQL Gateway, a component of the Oracle Internet Application Server, the Oracle Application Server and the Oracle HTTP Server, he said in an e-mail to the BugTraq mailing list. Litchfield is co-founder of U.K.-based Next Generation Security Software and one of Oracle's most vocal critics.
The flaw can be exploited by an attacker to gain full administrator-level control of a database server through a Web server, Litchfield wrote. He provides a workaround in the mail so Oracle users can protect themselves against attacks. The flaw was reported to Oracle on Oct. 26. Litchfield had hoped that Oracle would provide a fix or a workaround on its recent patch release day. "They failed to do so," he wrote.