Oracle Hacker Gets the Last Word

Database security expert David Litchfield has unveiled a critical, unpatched vulnerability in Oracle’s 11g database software that allows a hacker to take control of an Oracle database and access or modify information at any security level.

Two sections of code within the company’s database application — one that allows data to be moved between servers and another that allows management of Oracle’s implementation of Java — are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database’s contents. Read the full story [Forbes]

