Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


Oracle Patch Set Plugs Widespread Server Holes



 By: Brian Fonseca
2004-08-31
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Database story.


Rate This Article:
Poor Best
The patches aim to lock down exploits affecting a variety of the company's Database, Application Server, Collaboration Suite and Enterprise Manager products, with some of the flaws requiring network access but no valid user account.

Oracle issued a security alert and downloadable patch release Tuesday to plug multiple vulnerabilities scattered across its database server products. The patches are designed to lock down exploits affecting a variety of Oracles Database, Application Server, Collaboration Suite and Enterprise Manager products.

According to the alert, the new patches eliminate security flaws in the Database Server and the Listener offerings. Officials at Redwood Shores, Calif.-based Oracle Corp. listed its Database Server exposure risk as "high" if unpatched, and they noted that exploiting some of the vulnerabilities requires network access but no valid user account.

Click here to read more about the patches, which comprise Oracles first monthly patch rollup.

Supported products affected by the patch include Oracle Database 10g Release 1, version 10.1.02; Oracle 9i Database Server Release 2, versions 9.2.0.4 and 9.2.05; Oracle 9i Database Server Release 1, versions 9.0.1.4, 9.0.1.5 and 9.0.4; as well as Oracle 8i Database Server release 4, version 8.1.7.4.

Resource Library:
The new patches also eliminate exploits deemed to be of "high" exposure risk within the Portal and iSQL Plus components of Oracle Application Server.

Specifically, the database giant said the patches support Oracle Application Server 10g (9.0.4), versions 9.0.4.0 and 9.0.4.1; Oracle9i Application Server Release 2, versions 9.0.2.3 and 9.0.3.1; and Oracle 9i Application Server Release 1, version 1.0.2.2. Additionally, Oracle officials said network access without a valid user account can be used to exploit some of these vulnerabilities.

Although the risk was deemed medium, with a valid operating-system user account on the Enterprise Manager host required in order for an attacker to exploit vulnerabilities, the patch rollup issued Tuesday also offered patches for existing security holes in Oracle Enterprise Manager Grid Control 10g, version 10.1.2; and Oracle Enterprise Manager Database Control 10g, version 10.1.0.2.

To read more about 30-plus security flaws uncovered at the beginning of the year, click here.

Oracle recommends that all of its Collaboration Suite customers apply the Oracle database patches to their information Storage database and the Oracle Application Server embedded database. Also, those customers should incorporate the application server patch toward the Oracle Application Server infrastructure installation and each Collaboration Suite middle-tier installation.

But Collaboration Suite users who have already upgraded their Information Storage database to Oracle Database 10g Release 1, version 10.1.0.2, are asked to also apply the Enterprise Manager patch.

Concerning E-Business Suite 11i customers, the Oracle security alert suggested that customers institute the available Oracle Database patches toward their existing Oracle Database Servers. In addition, E-Business Suite 11i end-users should apply the Oracle Application Server patch to their current Application Server releases.

The patches are available on Oracle Technology Network and on Oracles support site, MetaLink, where registration is required.

Check out eWEEK.coms Database Center at http://database.eweek.com for the latest database news, reviews and analysis.

Be sure to add our eWEEK.com database news feed to your RSS newsreader or My Yahoo page



  Reader Comments: Oracle Patch Set Plugs Widespread Server Holes
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Database Articles          >>> More By Brian Fonseca
 


x}r㶲s\@♵MQH)ٖZc[^f&uT I)l+9 7](ɗdĶD th4I"f\:̢d7郿O$wmL9P[ Ϡ^#WZj:@a5ۍNz&pDwd>J`OS{SM 5Ǔ6ߙ1=/SmL}F7\3Ѣmeb ^Pk$ȁ_ ܢ%yHCRpDRงB@TeG$oQX}؁䛿Q=2tS6B!|HJKd/B(?F#c?C=z'f^B(ʻF{ikiC2hj9TN`UƞfnڭcŰ A#c9p<^j Go,gu9"ScO$աNI 0:Q#@XSTHԢfFԴ;gj5[gb=ױ}ǣ# 3E5L_FB$fŭ0rb} O,Ӈ;) ۱ȭB ¿{kײ߂CM{6̳L]b6jۆ@ظ?0} $ꎧchGGP5#o83t6 dݺ;Rr bTJ#gC L{hTyݙ|7ڷ~]* U:G -;жD^ԢZt{ݳ>~j_\[r  NֶRߘ 0Q\&*+Jx4M2A >j`%rM7JQ߸+z^T Z, Ԏ$0L" J1~̢(:2q}?-~k~>C,[3sAVU̠`W:+㽩S=;}\vo{{CN۟:'gg:Rڟl3H/kCp=['^=:$~~Zz>540V+%%32ݓ6 I|[<)y47Q[h,r$brF~DX ,>JAͼ94o o SNE ;- ujvfP:o43@_x0Fu{f7r'@kFkPYD`k6R\ 9lbsv!fByP:?oz@@jR~nV(U7rdoF" 2#~B(&pHqbNbO|૖yp>jY]6'tauIUis[RށYx>%U.۽^}8^%g 5F8 ,heݴ%!8WG5MGZǦcWPT;*R85|Qnl 2XjXvR7HYA^ǟgtA:)~Ҧ>RÜMCͶOCGs>hH2胆6ml-h$ ,70}HOQI 47X(x<cOgv/|\aPn#D57 l"v|3c)м`y`27C?F{t( 5,/{@`\@Z8`$8ʼ E ]qk3B7}hN5҆&QcSB]jJdN˕ }*@FX mNt"AђF *4 gscX"C"'s`[X a+R .<BI(cvn<K){TKh!+K@fsfh(4{~u}bB+|#'bXr`Y \h+|i)lc ը[6؛RHU|:IoB{42u0sҺ<L -XS LF3pEq!4ÃiА4Xy笳Z&5SF`ߑn86̜07ÚL ~Dg虉m>`4fs)wdm˴c7UBgsNPB/W2 \_&VAB5 6d:ɤPlͳrt+[Y3nR>ra*j ?{`ELE2a5?%ӇfS/0}ęR3BZsOsR| ~2-$֒e{_No6y4 mg@xC dlK/,:(+c:K_jihH*6@\\1,# %Σ?0Zԓ686p#}nP rQ j#Sad$V+Obsǖ@@@wh ؊-riz6<:NȃX%鹞`ۉԱ3 lTNϣ )a!w1N)6A߰ TXfRJMIlbs(zq X0b=Iߛ8]%W5f/K+Y{yaؕZRB|vnN >0|pT'@pdZ`0R7:¿4wҵJ)݃Y L5̆r(1Iڏ9&_Gƅ Kd^s`O[`T9#DzlʠlN9 QZ^-L.M{ \mpfZ FR.~~i~R`d;(l^p1,4ra,?@R5V2Sghu魧{[T+j[pfNP$!5  dj>Ǿdo':#Hu~HLb46\,0|*W*U `n*Vѹ(٩% 7]@.&Dtl?`"'>Ѕڣnssa*/W3g ZOZV,֪19P+Rjs3;f~~Ļ8 iߥ: 9pF#~y6w'ϷTFe Y<\-w~_w^9Z3:?b+ ;0E<& {HeޛCyVa/bҧJǦ8Pz0o`!VPŖGasg'bh!.~0 X=0`6YRs޽e=Q]_))(4`VsnC<צK$?ϺFlj} ZQa߯Y+5 (L40 Ȑ{@׾#vpTOP<ͯ!G7ثόEkfh +RSJb/ $6a!uݛEvr}l~EYdy3is32k-_O澩Ç˙yrn8z|.Hg\QJkhƽ "/^js9.^ٸ y;@<uEU [0< d&T~#\{YRvVlΠ7`Mmg_k0ͮ 2 \+S1nxʧ2Ad r6#_>L=;LF;S0\]>w6EL 5#"Y]=(RPc0:]bW`a-0/\P.m6 z47D.3ȈDrzZB*>-#l\SO6[\rR)U {259p\SemimN7oE) ZxhUf̈*2B;b`"-]kۛ4|l&\#2Ob 8bX0٩* ~s kbT pz(rC5E;4OM5QJl"I(}O,%ɥ:m1RKbU)j>*Ur2j,j./ <6W"0טތsb= l; e|R/Od3 8@XԸ:`>"uN:$#oNe} Gya8dB*PvB, oHŸڐ}dvnvK7m}-odD4|w/ΕI{OU[J:^w9"臗ZW,YE#0B\[7!5Bk;d4)@3zI]a+"AK}Ùc‡9I.Dz=d_Ug0YTth- ۳}o#( Bf/3b!|FG<ޅA(5 +JGvzѩ{mE2-bcAHFrI'zRG>gM3^f Rt4zUr:hעo)MJ!}J_cNfo4~ P=8,ph%縵vi^a~:)}AmN9˙}DҼ" Í76w jE p!ASB9kթ$-ݱi'> ^ax!w,0q؁B;DXa2Ba~=m1m]$L<2GтN)tJȓF=)I"8IUF4A2uIH?Md0XPW hق[W'59ܻ8^]ҹ|s%;yRb QWZ4ҫ:BrcACp0 4ajCrWR~=ԥRW%ݝf0z3ƍ`/awʜW#}` ?Y ./v6}`>&k>dNi `ֳs4GϝM(|;<6lM`<?8~InM<:** fXe@gL5Fi\uuoߐ9ar܆cAIk#G 6j 2}?Jdc: M"I^QԼڭUdE)IW=ۋN?S~`q@+<#ctHߴ/lځ;-3(lm3{zi8_2{K7Kx=*~#'LwUv@r@qSx6{geQJW=(q-@kjyAJ\"~^]䑽DXHڃ}co[#D:*pc޸M l;mmݭnM M A;"J [4 2UCnK_:1iE0pDa? W^M·⎭zgQ$g IV_NLRGMhTWG#<O3˦Ϡh܏QxOzS Nտ45j#wU?59{<ދDPd)9|tJ}޶b ohdA0C c(˚E``]{,Wf[$B4j91j3^NDBsKzɑ@vGj1bd(!u)E4of7zIlxFf@]DCY?K]bgӴ1㩝dM'u[NZER ۲k鵴G$<,VG9޾^5­NP-3_z,pF's t3G0 Yb0bp_%clF|;u]9UR*ϰMmInךHIRHTHgTƄ;%e5tR$C )Vc 10&鼚9V*klnWoWRf[βR2 !)̭ViZ@HAdr \=hi<4NZf3YYJOxT ܨܨܨܨ_ލZQc}Դi,6ÿҭKscPM+b:(d+?W=e mNFbH]^x(VG*-ؒY K BB{S@"Hu_!C{reQcL>&!9B^ڒk^KRA8ugFvQ3b4W`F| }p1IA[bܺꖜbOWRs3eԄJVy:},CRJI :Q6rPY*&$>aP⥉ti>-Ŝ)D$.2UQ(cTSRx HB"+Eڇ*o $AɈ3{q1;DœgHLqo-ڒ _ ?;E8)ĉ\; Q+u%u<+wוK@]dZW=\#8>uܘk \{M0;B} ,i}]q50B c/.;S[]vuCDY7[b"ͭ}iݺEdM7[‘).:obkD\*QƒlB4/H)H L>b*&2$&Й&Zߢ@D8~=:)؇oms_@!#ę /9Ic*]ǧ_;!C )@:|~L~z1XG?w}g{4O1}R__VV- /*`ǵ,k;hO>i-b1DKb@/]j S}L h0&[tSMɯvgCR{ctq"o(D7vPln{ ZWqic2so9hF!i3OI}l| Э8)PAgt~GD)^v2gfSxd vf0}QCu&)[y菉kxD9 ? KD)PG!]B~0}^0~ j~h!4BX[D$& wX3CvH rซذj~r,zۀ6 %T9ED)96i>#'Ǯ,!/B^]X’M=1I,s1)ڊbM/l@~LjC O]cxc) +hxB,Tw<&6Ë/-IyoYK6qNfAfQȢiA\1ΩV ueb?=G/ttAk-c"]N1xy[?L̀+5fL6P;qU6'ad(`Bܨ4|z`)`zҧEd#us{Z**)ۚgIp\\*!EL,S#`Q֋^Vb"WmLy:ah9SF;6vCknnBfϋTx4V3B{sdҋ1/նW)'$ +Kf0Y+ 6Ƕ(Մlk[s!.04%n'蜜kf悴MKqnj8TJo[ J}J0c[q{ZaR 7TQ bUh%!mF(hdtix*#fSxч+pS CR,6$AeЃ5T?0мG )VZaQb+Y75 oU@8AnKidt _|L`߄V>8 :{bR=P[)87/VC1"6r?"I:N~^P^ԓFpS;"΀௅oX{+$ʽOg-<-RWld""@Ո^ _پm? ?:}ۻhzxX2 Lp@bk.3 Xh50 wOlxr`(Lt`n0Os.}lкlɧtC!嘭#!+^bΑ,sh~"1";W'pp\`sr(@Kd.L*2&Bs8{_oz=&>M%œ 5" a2)mDR,( 3[36#&|-GĂR[gy\31Faŷ^(l;b21#|>O$N18(aU T, ?B5DSJTmn$|s ޣ6T,0A5A"\2}Mݣ0]Ln 0/YK7`C'[B@ g>򽉡0u3<s!aZ;<$Q“$Ѕ:y,@#!9ωŵ1ka]NLݗ>0(-ŌC 5Z(OBVBBveX &z()—o.͊g2VqN&JZ!`xFNRsdhhz?{7_Ч6#&DsкLκ7Enmx;\;+rܾ'lkEQvqIY}}ӹg&hT慶L۝%,C rvպl3;eFq(ڣE1B*rK x5" /%Lqx&0fϟD~Rv}Y QJNa21S:=izj6Z[AyYW'>;tɉcdhw>0MuQa`1D*'M&7bQ׾hIk&5+ۺv(2_2of}I 8QޅnF9rz})ഝQ~'π>gyNyY_95;пNF?ӹ(w2k~e/EK,c|. /e|e}/>/3K D(?@?2/2*c|@~2 *cnF _?3޿x&z/_?}OP)'ߧ BmV9mBf_ry[rֺƅ)qFy9VD=՞bMdG,DlG\%f1'a:D4k{HO8ѭ<z[G$ZQ=PW].6ppSn&o U` K}NExvY^]Yj7m!ϋ9y}³2wفGhO WX-Jbġ$Л=ʹ}zVj?f4c&Hu1nol(O6 8 ߜ:I<w RK,^ ,>O1 D -BjhN_i{m م薉# sgCRRՒRJZVrG'70 = G1wQTY)ȅ[V r 0X\^9Q(Fuoo*F0fy=q'a1V1;BDO"׏ ѱFC$WeL ,$ unQKp^Wv,Pf@p b/[{8z=(ū?0}UIW1hӐC Fؒ%Dİ-= N>@Og#xF,E~f&g-ԛPo 466{Xʹ)9P3l1@xTsz\jn2%23U{:\xT "es͍B`u ,jϗ=3;nb扵U$7O#aU[ {w0˹fU:x, #XC0 |'3_J;ql>9kspnL"m,w?cPxUE'0P;Cf Kǣ,h :BQZ`-ăW n,='IDπjUMf@gQl)VxHDN=yn%()%y+6(مx[*HԶx D&]*$CbF8] MAlC`A]eKB$ug EϩfC>X읙fc.Mc(ŬBCd=)O?n'[nI 5E`0l`ehDS,T6y *>% / i %:=-/p,Zfɴ!(F[0?M "+1<&Eߟ2L\-Ԣ?MSg(\*],1Ał?vLw699 3/&U@EqDgPvx 6s6Na^|˼+AўXmw0w6L5/#]Z$&+$~Il=fu{+Wrcd+{f:ePEX&mfHEרk,^zeXջ&gP9N]Pjãō ,Wc&G[0tcf7^=קg[8KIJ y2 !NZxyU~ҥ^.I,'_cQd+8*)ؐskpe3}"@a)5dBLN So 3pRaL (b[и<>v,SsϢq9q9K1E~RWz:U9w,νk xٚջHQ#z.fY|Ђ!gn耵]1fZB%hw2b5_yROȅ^b\YBC^E{N~g!gݫtֺ\|>! *`'ÓgG/>!D!6{xvypEI{CKxqǫS)h,)ZN洝 $z׭dEg .A|>hy6#xL M4ZQwN㛼VtƢI:6pzR/jŭ{g;a+b(1lS24K_hjJlxTʉ|i07Nw6Ȅ В#nvbesm@'