Faults found in Oracle systems
Faults found in Oracle systems
Research conducted in the UK has found 34 faults in different Oracle database servers, and most of these flaws have been identified as extremely critical vulnerabilities.
One of the flaws, uncovered at NGSSoftware, enables attackers to get control of the database server with a userID or password.
Another fault provides access for people with a userID and password to the database server, albeit for low-privileged users.
The company said that 10g, 8i and 9i all have vulnerabilities, so users should activate the patches to fix them when they are released by Oracle.
The flaws are known to do with the Procedural Language/Structured Query Language and its triggers.
NGSSoftware recommends using BIND variables and validating input to protect companies against PL/SQL injection.
Oracle 7 is also found to be faulty, but it is not supported by Oracle so patches for this system will not be available.
Related Article: