Oracle warns about privilege escalation flaw in its Database Server

13 August 2012

Oracle is warning customers about a privilege escalation vulnerability in its Oracle Database Server that could enable an attacker to gain control of the affected server.

Oracle stressed that the vulnerability, disclosed at the Black Hat conference, is not remotely exploitable by an unauthenticated user. However, a “remote authenticated user can exploit this vulnerability to gain 'SYS' privileges and impact the confidentiality, integrity and availability of un-patched systems”, the company explained in its security advisory.

Oracle said that a number of its products – Fusion Middleware, Enterprise Manager, and E-Business Suite – include the vulnerability, but some of them may be protected if the customer has installed the July 2012 critical patch update.

“Due to the threat posed by a successful attack, and the public disclosure of the technical details of this vulnerability, Oracle strongly recommends that customers apply this security alert solution as soon as possible”, the company said.

Referring to the public disclosure of the vulnerability, Eric Maurice, director of software security assurance at Oracle, wrote in a blog: “It is unfortunate when the technical details of a security vulnerability are disclosed before a fix could be made available, especially when the disruption resulting from having to deal with an unplanned patch, and the amount of time required by customers to apply the patch, may yield less of a security posture improvement than other security efforts, such as ongoing hardening and auditing.”
 
