Home / News & Blogs

Attack code out for Oracle database

Joris Evers | April 21, 2006 1:30 AM PDT

Summary

Computer code takes advantage of one of dozens of flaws Oracle provided fixes for this week.

Topics

Joris Evers
Attack code that takes advantage of a flaw in Oracle's database software has been released on the Web, raising the urgency to patch.

The exploit code was published Wednesday, only a day after Oracle released its quarterly Critical Patch Update, security provider Symantec said in an alert to users of its DeepSight intelligence service.

The exploit code was published to the popular BugTraq security mailing list. It targets the Oracle Database 10g and appears to give the attacker higher privileges on the system.

Oracle addressed close to 40 vulnerabilities in its Tuesday patch release cycle. Some of the issues would require an exploit for a successful attack; others would not, according to Symantec.

The U.S. Computer Emergency Readiness Team added its voice on Wednesday, urging users in an alert to apply Oracle's fixes.

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity