The exploit, released on the Internet last week, isn't for a flaw that Oracle patched, but for a new problem. Initially, experts believed it was for one of the patched vulnerabilities.
Intruders could still gain higher privileges on a system via the new flaw in the database's (DBMS) export extension--a component that has been a recurring source of problems, Litchfield wrote.
Other versions of 10g may also be affected, Symantec said in an alert to users of its DeepSight intelligence service.
"We strongly encourage database administrators to revoke public execute permissions for DBMS export extension until an adequate vendor-supplied patch is available for this issue," the security company advised.
Oracle was not available for comment.
Litchfield expressed frustration at Oracle's response to the problem in Oracle 10g Release 2. "This specific flaw was reported to Oracle on the 19th of February 2006," Litchfield wrote.
He went on to give details of other problems related to the issue, which he said Oracle had tried, but failed, to remedy since he first reported them in April 2004.
Security researchers have criticized Oracle for being slow to patch and for not working well with them to fix security holes. In response, Mary Ann Davidson, the business software maker's chief security officer, has said that researchers themselves can be a stumbling block to product security.
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
That's why this story doesn't surprise me. Quarterly patches went out the door a decade ago!!!
FWIW