Oracle XDB Flaws Open Door for Hackers
Potential buffer overflows in Oracle9i Database Release 2 XDB could allow an attacker to cause a DoS attack.The XDB (XML Database) in Oracle Corp.s Oracle9i Database Release 2 has a set of potential buffer overflows that a smart attacker could exploit to cause a denial-of-service (DoS) attack or to capture an active user session on Oracle9i, the companys OTN (Oracle Technology Network) informed users earlier this week. Oracle9i Release 1 and earlier versions are not affected. To exploit the weaknesses, an authenticated database useri.e., with a valid log-inis required, or the FTP and HTTP servers must be enabled in the XML database.
In the OTNs opinion, an overflow attack via the Internet is unlikely unless users connect databases directly to the Internet, with no intervening application server or firewall. The vulnerabilities are, however, "highly susceptible" to an insider attack that originates on a corporate intranet if users ignore best practices for secure database configuration, the OTN said in a statement.