dcsimg

Oracle Scrambles to Contain 0-Day Disclosure Snafu

SHARE
Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
Email  

ZDNet: Four years ago, security researcher Joxean Koret notified Oracle about a security vulnerability in its database software. Koret thought that Oracle patched the problem in its latest security release, so he published the details about the vulnerability that he had found and encouraged users to apply the patch.

The only problem--Oracle hadn't actually fixed the bug.

As a result, hackers now know details about a vulnerability which, according to Oracle, "is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database." Oracle still doesn't have a patch for the vulnerability, but it has published a workaround, which enterprises are encouraged to use to maintain the security of their Oracle databases.

Submit a Comment

Loading Comments...

NewsletterDATAMATION DAILY NEWSLETTER

SUBSCRIBE TO OUR IT MANAGEMENT NEWSLETTER