Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Database

    Oracle Patches Database Vulnerabilities

    By
    Michael Myser
    -
    April 13, 2005
    Share
    Facebook
    Twitter
    Linkedin

      Oracle on Tuesday released its now-quarterly patch update, plugging vulnerabilities in 16 different products and applications, including the first patches for PeopleSoft applications since it completed the purchase of the company on Jan. 7, 2005.

      Security experts see database vulnerabilities as an emerging threat that attackers, enterprises and database vendors like the Redwood Shores, Calif. database giant Oracle Corp. are all beginning to recognize.

      “I would argue that databases are becoming much more understood by attackers, and they are significantly more valuable to the criminal element,” said Jose Nazario, a security researcher for Arbor Networks Inc. in Lexington, Mass.

      “Databases are the basis for compliance, and that makes this unique,” said Ted Julian, vice president of marketing for Application Security Inc. “Its where the crown jewels are stored, so its added an urgency that other parts of the business didnt see.”

      The most recent patches from Oracle address security vulnerabilities found in Oracle Database 10g, several versions of Oracles database servers and application servers, Oracle Collaboration Suite, E-Business Suite and Enterprise Manager.

      In addition, Oracle created six patches for PeopleSoft EnterpriseOne Applications and a single patch for OneWorldXe/ERP8 Applications. For all products except E-Business Suite, the patches contain fixes from previous updates.

      The vulnerabilities are rated in a “Risk Matrix,” which ranks the impact of each vulnerability on “confidentiality, integrity and availability,” as well as how difficult Oracle expects the patch to be to complete.

      “Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage,” Oracle wrote in an accompanying policy statement. Its an ongoing debate in the security community as to whether the level of detail provided by Oracle and other application developers is appropriate. Oracle states that it doesnt provide “specifics of vulnerabilities beyond what is provided in the Critical Patch Update.”

      “Its my opinion that that vagueness may actually work to their advantage,” said Shane Coursen, senior technology consultant for Kaspersky Lab Inc., a security firm in Woburn, Mass. “When a security vulnerability is discussed at length, I dont think for a second bad guys arent learning from those discussions.”

      Coursen does believe, however, that Oracle is still learning what is appropriate and developing its patch processes on the fly, as its only the companys second official quarterly “patch day.”

      /zimages/4/28571.gifTo read more about Oracles shift to a quarterly patching cycle, click here.

      “Oracle may not yet be fully in the mode of having to provide update patches,” said Coursen. “Just as it was with Microsoft, Oracle is going through a learning process. With a few more iterations of quarterly updates, and with good communication between their developers and their customer base, we should see an update process more and more refined.”

      Julian at Application Security Inc. in New York agreed. “People are discovering more vulnerabilities and forcing Oracle to do a more thorough and regular job to patch these vulnerabilities,” he said. “Its a cumbersome process, but at the same time, the stakes couldnt be higher.”

      The security firms also believe the move to scheduled patch day is a blessing for enterprise security teams.

      “Its clear to us that enterprises are pleased with the schedule,” said Julian. “It makes it feasible for them to create a process for deploying their security. Without it, its almost an untenable situation.”

      The next round of patches is scheduled for July 12, followed by a Q4 release on October 18.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Michael Myser

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×