Oracle software 'riddled with security holes'

Surrey-based Next Generation Security Software is reported to have discovered dozens of flaws in Oracle's flagship database software
Written by Graeme Wearden, Contributor
A UK company has reportedly discovered over 30 vulnerabilities in current and previous versions of Oracle's database applications.

The flaws will allow hackers to change or steal sensitive data, according to an article in the Wall Street Journal on Tuesday.

They were found by Next Generation Security Software, based in Surrey. David Litchfield, managing director of Next Generation Security Software, is said to have discussed the vulnerabilities at last week's Black Hat IT security conference.

Some of the flaws are said to include "remote, unauthenticated overflows that can be used to gain control of the system". Others relate to the PL-SQL language, which is used by other applications to send commands to the database.

Neither Oracle nor Next Generation Security Software immediately responded to requests for comment.

More to follow

Editorial standards