
[ISN] Oracle fixes pile of bugs

Subject: [ISN] Oracle fixes pile of bugs
Date: Wed, 18 Jan 2006 03:06:44 -0600 (CST)
http://news.com.com/Oracle+fixes+pile+of+bugs/2100-1002_3-6027847.html

By Joris Evers 
Staff Writer, CNET News.com
January 17, 2006

As part of its quarterly patch cycle, Oracle released on Tuesday fixes 
for a long list of security vulnerabilities in many of its products. 

The "Critical Patch Update" delivers remedies for 37 flaws related to 
Oracle's Database products, 17 related to Application Server, 20 to 
the Collaboration Suite, 27 to E-Business Suite and Applications, one 
to PeopleSoft's Enterprise Portal and one in JD Edwards software. 

Some of the flaws carry Oracle's most serious rating, which means 
they're easy to exploit and an attack can have a wide impact, 
according to the alert. "Several of these vulnerabilities are 
significant, and should be patched as soon as possible," security 
provider Symantec said in an alert to users of its DeepSight 
intelligence service. 

While there are a lot of fixes, the vulnerabilities are clearly 
marked, which could make them easier to deal with, Pete Finnigan, a 
security specialist in York, England, wrote on his blog. "This seems 
like a good mixed bag of fixes, quite a lot in total," he said. "This 
time it seems possible to isolate the areas affected in more cases due 
to the more explicit naming of some packages, programs and commands." 

In addition to the security fixes, Oracle also released a tool to 
check for default accounts and passwords. It's meant to help 
businesses defend their systems against the "Oracle voyager" database 
worm, which takes advantage of those default items. 

In response to the Oracle patch release, Symantec raised its ThreatCon 
global threat index to Level 2, which means an outbreak is expected. 
It typically does that after a patch release because malicious hackers 
might use the fixes as a blueprint for attacks. 

Oracle has been criticized for being slow to fix security flaws and 
being unresponsive to researchers who find bugs. Oracle's chief 
security officer, Mary Ann Davidson, has responded in turn by saying 
bug hunters themselves can be a problem when it comes to product 
security. The company recently said it was adding more automation to 
its bug-checking process. 

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. 



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 
