Oracle released its latest critical patch update on Wednesday, fixing 51 vulnerabilities in a range of products, including its flagship database line.
Oracle's critical patch update fixes holes in Oracle Database Server, Oracle Application Server, Oracle Enterprise Manager, Oracle E-Business Suite, and Oracle PeopleSoft Enterprise. Twenty-seven of the patched vulnerabilities are found in Oracle Database Server, including the most serious vulnerability fixed.
"The most critical, rating 6.5 with the new CVSS 2.0 metric, is a problem in the import utility," said Alexander Kornbrust, managing director of Red Database Security, which found 13 of the 27 vulnerabilities in Oracle Database Server that are patched with this update.
CVSS 2.0, or Common Vulnerability Scoring System version 2.0, is a rating system developed by the Forum of Incident Response and Security Teams as a way of measuring the severity and urgency of IT vulnerabilities. The vulnerabilities patched by Oracle's latest critical update have CVSS 2.0 ratings from 4.0 to 6.5.
The vulnerability in the import utility could allow an attacker to run code on a database as the user SYS, Kornbrust said. SYS is the most powerful user in an Oracle database, and is able to do and see more than a typical database administrator.
Kornbrust said database administrators can reduce their exposure to these and other vulnerabilities by hardening their databases and installing the minimum amount of features.
The next Oracle critical update is set for release in January.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
Like any valuable resource, IT is a terrible thing to waste. But by applying the same lean techniques that have been used to streamline manufacturing processes, IT departments can reduce costs, improve performance and better manage resources.
Download now! »
Stephen Elliot, vice president of strategy for CA's Infrastructure Management and Data Center Automation business unit, explains why difficult economic times drive the need for simplified management capabilities and advanced automation tools.
Listen now! »
According to a recent study CA conducted with 300 CIOs and top IT executives, 64 percent of respondents say they've already invested in virtualization, and the other 36 percent reported that they plan to invest in virtualization.
Download now! »
In this video learn about process automation in a virtualized world. How CA and VMware are enabling enterprise datacenter automation.
View now! »
Recommend This
