Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


Oracle Warns of Critical Exploits



 By: Lisa Vaas
2004-10-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Database story.


Rate This Article:
Poor Best
The company says critical technology vulnerabilities have been publicly exploited.

Critical Oracle Corp. technology vulnerabilities have been publicly exploited, the company advised in a recent security update that urged users to apply the patches contained in its Security Alert 68.

"Oracle is aware of public exploits (as indicated in the latest version of the alert) for several of the vulnerabilities, and more exploits may be created," the company said in the e-mail alert. "Security Alert 68 is a critical security update and should be applied as soon as possible."

The vulnerabilities were addressed in the Redwood Shores, Calif., companys first monthly patch rollup, which was released on Aug. 31. At the time this story was posted, Oracle had not returned phone calls seeking details of the exploits.

Resource Library:

The vulnerabilities in question, however, included the potential for buffer overflow attacks, SQL injection techniques for gaining access to Oracle databases, and the ability for a remote attacker to take advantage of a known, default user account and password.

Other flaws allow databases to be exploited by regular users, who can crash the database or escalate privileges to administrator level. Multiple versions of Oracles Database Server, Application Server and Enterprise Manager software are at risk.

Security experts and Oracle watchers are pricking up their ears as they spot message board posts such as this one that request further information on the bugs.

"If this increases or the information becomes more readily available, then some companies are going to have problems," said a Weblog entry posted by the Oracle security company PeteFinnigan.com Ltd. "Exploits are not just used by Internet-based hackers; they can also be used internally by employees."

Check out eWEEK.coms Database Center at http://database.eweek.com for the latest database news, reviews and analysis.

Be sure to add our eWEEK.com database news feed to your RSS newsreader or My Yahoo page



  Reader Comments: Oracle Warns of Critical Exploits
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Database Articles          >>> More By Lisa Vaas
 


x}r㶲s\@♵M=Ҕlc-/K3NRJEĘ"Hʗd/Oo<xӅ|LO-`n4w~ I Ӟ ǘ[cӑGLzIj}ݻ@BizNU sJe>HwW7nQ;^> \?g#Q;Y|}^~b .hѶ ⌳IlG5tyGѢ%yHCGu)pC(DsXqDǎH;*C'x8ӽi/DeO‡^b&{Bq<5;^7;0k|Ba5w0vK]K<$CM-G ؓ ۭ@5lvy!rs#g ݻHݠLo$Gd`jI:@*"4C2R!p59Rը>3-u@|ݖ|cXulAzf@dȢq/#!_TBp` VRBm O,Ӈ;)xtcE[Uֶg5]v9s8$sz3 wZENX* ?q7tJaH9EsؗCY֍aFY6o@YGZ*մ*rM)֎iνoĩq#gvTo|wUMSEsv#GA nmkh[J"ZAP\tNi\v? 9N|'[oLR*rP8%ȇ t4,{/B oVqW-b)ڑVP]G$0L" J3~̢J >gsK߾ڤ>9;O}1fP+M~(#3hؕΊgxgZuܜn9n:MvIs!+=BgCj`BmiueUo~9c_C"wA<0MߑRMRs~huO\4>wNHN‰,-Yt7Q[,/s$B&rZ~@X*,>JAͼ94o ߦAf@w[@0+:j56kiJuf!`FܼNR49Vϡ蟩$Wm4@r1YSl؅ RMo4x M XRU>hI"E[fŢKdoF" 2#~B(pHqbNbϑWMCzlNTVʒ0Wb{g(EށؓitnUO^ S3G#вnZsV)b1x,VRSWL F̶-a[e)uu}x?f NQ'}5>m;4}t>჎$>hƋMri>I70i|V83uCuӹݰ=Wԇ9[i50C m|&>ld$4(sw[LLσ JCˋ0P 2/?>axsO>ȁ{0g`sDowiC1QB\jJdN˕ ] cRRP$C$hI#r Bг1,`@o!`G`[Xk ab .<ҶBICvn<){TKh!+K@fsfh(4{~FX9{DMfT`B[ᛥLKak`FZ,#M& yD == 3ܴ ҄%Ll;i`0Ґ(e`9ޟx=n;A뎒Gt0fXfZ1k`JaǺ@dufB7g Ʃ9 R g?fx0-qڛ:#Iq^i.;[@Lg˺z+fYF^ӛAt ]օVPK@xC dlK/,:+c:JK_jihH*6@\X1,# %>F!1~h/a2(_KpSw{{jaaC+UVjG,-s9Za5sV@@@7h TlVCax5Zz' As,\OT\r G p6h>JeHǝ:~Lҧ;BSjb35-F  ? |'+Ggбgۋ°w^^v˦?~5l2^ۄC= 0͉V*a0؋TMq?x;HySI_.)UI$[b"ud\6˰@e9ִ&3v,˹& zfd~$a(Juѧȅi s M~N!V hPQ1 "I;t/F#受Aܧ^ǨO`Dk 5o` 2l3s&/zr|pE% yL*~Ò?DFCizi}~هF9#,!'HHo?YDjP6SC+jrTT+ oV Ls1)' Sf|ǁ3Syw꾿giԛ_ڀPz;gn!W#sO.S˰)c.# ,c` $̮$fG` cM)WHF(1 .KTNjZ0=: ͼz4_?!'AG50qH&{3E689o:+@%5-r ?Ť֊k[SsGŕR CȮcf>Fu*ZWּӪ`f/Bc$D!S#2z q[kh0h-f;Z;pLjg  k欩h+sJbOW2EߙizrulFYTy3is{"s-_M}zK>'8MG9Fi$]k|;P rfVȍ#w6霎0 M`}G ϓ1W5 `,fqNgGA:+lCs0X3f~Wk*ktx{Wz&[wܕ[? ܱ ϡRD71PUL xg4sfDcK6jM+'& jZ,lγ>AqHlw ~'a%MO0=@" c].k|Y{~4si l}KUה*eάɢ7(Ъ#iB/%9bvv$Me"٭PSV82V6J\)aoA~fZT(g0k(G܉?^nVɵڽv?fIG|)AU7ud*+ZR<* 9 ^  lZvXCKkpo= -2j>uR`fK%2_vܖ[J,]A>a u0 mlrKz]w޼\C8'̕KIl'ϱ+Kz@utCʪVuZU ՂVE'sL؞EA(šd:)dnQ==׵!3݀,L)~31Ȕ:ɹT.jZb[)Uʹc"a!`0X>2( ,~w9ـo9 |\V*Z슣d9#T`| @-a'd1s<6ɷwnh‰?چ +~7?l)ɡ$ |BJ D;}ZPf&3 111t/xqi`zUGK( L $q)YUihja{I1~G]ItM?;$Sv/is!1`$#.[R&ø@oٷ)P K #F1>dd˙]=+boVta؆ۧ0F@IDW~Bh^\/~tϻ(9\dcxx\M#;R%9!hUHv:<fShmǛ&aV5!F襑a3+"AKվ̂ Ӝ$"j?N3dn ʣZ4Skފ( V`!1d|PR# (ʑ=`=`VVwu%:\bϻ;$VB 0FD_TJi)4z'uSxjt) 5E_ſ}i T t6~OWK0wfAda+F+9ǭZϤ{~@Hy 9os_<#Qen1~KP -Mu?So4 jGYkNEm=O[?G0 cl9a(1|$zdea#ݒ:p<5G :)!OOp|Nhk'I^VR6T$4%!44QLNbC]F+Cg һj^nOpVHp._xvImK$h dgKe 3 KqkP I<+ `->gԢᬖ^}+ ɏh8#z])G? #̫rHj-_9UkĶ3 = {'M{q?K8t2Ti\'sXsw{ѺB ?݁M5=ICw5G2aє{`ֳs9[Q rM̴E{wmhG(V=w9c99V7ʳ/q!~<,?4nڈb򇴺'~4/韁&m_ |1$?[Н>u?y{do&=)sǣAlΜu9obJwfimԕŞa4FKp?Koҽ{g;ᧅ}Es7tRTsd{I6$BUUk ۻʾ\EVe.tٓ^t;>ri ,F}d3DoӼ4hAxn>7 <}tK7bRo}|}& ~ ]=PI=w뻿~=Ғ(r_&ZDNpw5Q {qI9.t}?,J`\Ty^v} ,$>?G{o[#D:*p&޸q9d(΀[,X SfHX?N:o(}IN0g`BddAWAg] 9RYn!6H64qvaAhӔ׆.Hyt8(=zgQ֩DU?ۧiEl]T _p'd}05Y{O0є,Ilv= RuU8;ΫS.=Qv'128F_V# 1i);<˛X9MhI|QK 87c'6FH_-x7ړ8b2&1(шkĘjA}(5vEG"q I@vj1SW\OxZ{]WKR-I%A0WSaċFzFx%6x"!~pjd4eIQ%^U-\h*&%  0:$ $ d?O~*ck,oNLVB&Sk2YK$Y\jHKPDO:{?Cp8RBl±]" n g >7xo`=J:阀,?Z>E@*+*&\Aq D@h(Z Q _oBR=Bg%_ȏ۪:iģRx}M#OI@H)j'Zۡء Rz:i?Oeח`>{wt>JF}[Cܲqjdo9x/:NFb}*iHFK.8Mf3qۆtX?ZR[3мz@ĒF@Xo+נYD S%lɉRZRHvM"t;TlI-cjx,s>AҜ?ye-xG_Vg]icCyMyMyMyM|JXڼ#"Gd\Sqdē_R/Y}6b}Uڳ`Rه O~^-mlYk~;_59J7x1LTtw=#qH 0pR`v/OdƂ*i#0{:^2DErJ :3T)M6m)5zXaVp!"4#U^0!M@|ibql5DE20z@ag|Wxѫ_ Gmf|ibMJd[T rԖn26 ґg[L#C?b —>KmbidjwbfYooל-;_zn|ELRu+C³M iՒl5s%]Q!ric4C"^s#ONͱ]X N\355}I_Ic[]h Ν3R7lş-z6\5qA 8u\ݲk&.⫽&MFŗ1{[dp=/R4`y^*DGM l߼!۩LfFRso ZߦL?m_mau'^%/{*Gg]J6c5>2|6GLzl^Jif-e։5V$2"*ΘhV,P2aDKopAd-.3b1DKb@/j ֐}̙+0+;3}9loṄx[^1!߳yxȾ](Z@ln[,g+hV9T %\k> &OC g !n1J\y0|^X%3LK?#"& KK=M͝).a ?Dy um|y#o?&.1&S(,1@^t7 ]G¤t'O|pD2~(9! <7υ=`=x ߧ.PO>:p=1*(.,9-0 / 2n?L.GX(t`qEPb!A@4#|niIAwDQ^я TeQO^tOE ^a7T%0ѯ4>(C^PB^’M=1Is1ꊚbMm@#~OZC O]c)IˋAE! :r<&6 KfRlǛaZİES,Y4𲭐K11\RëORSWK.}KBG2KN+ߥtW=+5fL7P;qU6'aAN~8_awᷭlsl׳HΜWD ]%FR)B|2n>#Ծ3=ǎ?bu{ι\`{ϰL$_~fVؖTm}qV..IJ %N0Grۺmꘅ6/tdq(؟)HkDr-l *>*1LBρW1儔JzN[Ņ1iL(u"32_+@JLB(fYiv' o.'Yo/>VHUGod@2[>B8!ioG˞RS Iݹ`?Ðs{VZ"eR1@Q>ɹcMNVBE< ,i  YC) Q?yn#B s<3DD^ôG͈֜ gV:Bn犉1J \-B@e=Dq{yct?=I'AS "PV: ![C P/1MFKJs ^J7 X`tA"\2,GGA~2?u:RJ%~6t0^Q1e&}[7Υi@EZ<& .ycI ^yN4X+ѐ hm?ݩ9euGPbJU(IhRW|:P |+R0cU-%r (_oSwV7X z+i+ 9Iˑ1;^(^r@|LBz،\Sݾk4!k$6}:\w%9nwoo;u{i}uݹ31F;6M&E`<ejE)sC9,jO6W#\grxixɎ(ah,.6tIw(%lGyї51oLl+SS=ViԊkm9/j:ٙ%KN#C7p>r:γ PU8iz67anq4ħyO\#4[E9yFG(Q+Q~ O͌.w3ʑ[@V;O֗}N3!>Ag\㬳5:r_'\fC;5>2_֗ 05.2_d^dsA " ϋ O /?C3(?(#/2a|/32C~.a.3Ư f _ *?32  ?/)>Crs~~3w7Y7{dwɹN2!(ofY NoT8\8_JeYW@a uyQ^ }VV<_`fkWt.rf_2 %;[?[vNBX\jzr+^gi5v+iAm{} yW /"yeoRF AQ(gG6+F.Э-'ވm]=g%Iy=0?$Mu{1پWߕ\~UnE+tVq&R2#s"q6G#aN@AgH#|,y|e8Ntw1 }^fh#]~̬(5(G.v8)n70pK|SG0nsOkr>u'"[~|^Y;yx߇ oBgU:>j{4oqa n>Qއ^V՟p3nc&Hy>j~h|V/OUq< 9s u8y$} X&@Y$'}p)cعkj6QWCtJ# ۘn~o80tc0L;J墦 V˕R;~O;F"ð"BfATMVYI0ZYrF(RB4|;یW)57tCsAՋpO`wB^AR(~hDoz^DltΖb.fyn%()%y+6(م0U7VAx=Զ'x D<=رGhFʪv\JT~7(JҍHqp/>~ElC3`A]|eKB$uЧ EϨnSoIcA&{F~/;v4fR*4$NSxsEz?X \vHV{0SpY ѫvl>cx 'Lw} oh>2z l|_Odxƪ~axh=&ӊ[|%JozW9Y W96~v0q=Ķ2|R4ϜepvRv ?93_[mrxgsg_(LWv:mmlP/>yGW=Q籺a|ht%+^FHM`WH؂{XiWe1RpCV)tOUANt3B W5`/=2H]S(Έ]Pjãō ,Wc-ҭ<P0_C~&?c5Vqٮ7GѺa#®u4-vѩߩn^3QaW_<tcbS,$Il} ralX ^|޹MwϏq`2[uzZ[8KIJ y2 !NZxyU~ҥ^.I,'_cQd+8*)ؐrkO` bOP1,,oԛ'TS*4.v>ϝ>zr,saG?qY)>Zﮯ.^3 {e75wSF \<ACWqk @cŵ6: ] 9l!j1Bi>cY1}p1LX+0W_kASsLeUTtCBYEL`;X+N%t&ж?8"acTx 1L(_,Yדu!{xZqƋ{El>WNENE<<Sf}')VSL_Xџ_<|ړT+O + SSq|r^k/o?Xi/6/:Jzn`ggɳ^vXvQJ=\JBS+$Z/WfLNZJ܄;"6BKFslx6 FP8 D*