Oracle issues patch for security flaw

By Martin LaMonica
Staff Writer, CNET News

Oracle recommended that its database customers patch a security vulnerability in certain versions of its database, saying risk to exposure is high. Any machine connected to an affected server could exploit the flaw and take over the server, the company said. The problem is found in four editions of Oracle's 9i and Oracle 8i databases as well as two editions of the Oracle 9i Application Server, the company said in an alert issued on Dec. 4.

The problem, further detailed at Carnegie Mellon University's CERT Coordination Center, is due to flaws in different implementations of security protocols, namely Secure Sockets Layer (SSL) and Transport Layer Security (TLS), used within Oracle's products. The SSL vulnerabilities can be "exploited when carefully crafted X.509 certificates are presented by clients, even when X.509 client certificates are not enabled," according to the Oracle alert.

Latest tech news headlines

Man loses job after searching too hard for aliens
Posted in Technically Incorrect by Chris Matyszczyk

November 30, 2009 7:42 PM PST
Google hosts energy experts amid climate talks
Posted in Relevant Results by Tom Krazit

November 30, 2009 6:01 PM PST
Nintendo primed for holiday console dominance
Posted in Geek Gestalt by Daniel Terdiman

November 30, 2009 5:00 PM PST
See all headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets: Market news, charts, SEC filings, and more; Related quotes; Oracle (0.00%) 0.00 22.08; Dow Jones Industrials (0.00%) 0.00 10,344.84; S&P 500 (0.00%) 0.00 1,095.63; NASDAQ (0.00%) 0.00 2,144.60; CNET TECH (0.00%) 0.00 1,574.88

Inside CNET News

Scroll Left Scroll Right

Technically Incorrect
Man loses job after searching too hard for aliens
An employee of an Arizona school district is asked to resign after school officials allege he had downloaded alien-seeking software to all the district's computers.
Gallery
App Store collector's items: 10 rarities (images)
The Open Road
Open source: No vow of poverty (or get-rich-quick scheme)
Open source is not a sure-fire way to get developers, income, or much of anything, but used right it can help to grow a proprietary software business. Go figure.
Beyond Binary
Microsoft investigating 'black screen of death'
The software maker is looking into reports that some users' systems aren't working right after installing the latest Windows security updates.
Video
Google Chrome OS demonstration
Digital Media
The browser battles go on and on
roundup From Firefox to IE and from Chrome to Opera and Safari, there's no sitting still for browser makers looking to keep their products fresh and competitive.
Video
Google Chrome OS unveiling
Geek Gestalt
Nintendo primed for holiday console dominance
Based on Thanksgiving week numbers provided by Nintendo, an analyst has concludes that the Wii appears likely to have far outsold the Xbox and PS3 in November.
Cutting Edge
Inside CERN with a collider scientist
Crave UK chats with a particle physicist directly involved in the Large Hadron Collider experiments to get a sense of what it's like to work in a geek heaven.
Gallery
Noisebridge hacker collective (photos)
Crave
iFotoGuide nature photography guides for the iPhone
iFotoGuide launches interactive nature photography guides for the Apple iPhone.
Relevant Results
Google hosts energy experts amid climate talks
Next week, the international community plans to discuss climate change and green energy, and U.S. energy experts kicked things off at Google's offices Monday