A long-standing critical flaw in Oracle Database will not get a permanent fix because the work is not straightforward, the software company has said.
The(TNS) Listener database component, which could allow a hacker to break into a database without a username or password, affects versions of Database 11g and 10g.
Inand said it might be able to rectify it, but noted the difficulties in doing this. On Tuesday, it confirmed it will not issue a fix.
"Because of the nature of this issue (amount of code change required, potential for significant regression issues, and inability to automate the application of a fix), Oracle does not plan to backport a permanent fix for this vulnerability in any upcoming Critical Patch Update," the company said in its July security bulletin.
Oracle has known about the TNS issue for at least four years. It recommended in April that Database administrators apply workarounds listed in a security advisory. A proof-of-concept attack method for the vulnerability has been made public by the security researcher who originally discovered the bug in 2008.
A spokesman for the company declined to comment on whether theof the software, Database 12g.
Oracle's July Critical Patch Update contained 87 fixes, rather than.
UPDATE 11.30am BST 20 July: This story has been updated following a reader comment.