Safe databases are key to security
Those of you hung over from patching Windows XP SP2 can't sleep in just yet. More than 40 vulnerabilities have been reported for Oracle's flagship software products. Holes in the Database Server and its Listener element can be exploited even without a valid user account. The Portal and iSQL*Plus components of Oracle Application Server are similarly vulnerable. The holes in Oracle Enterprise Manager are less severe--they can be exploited only by those with a valid OS-level user account--but other Oracle products, such as the Collaboration and E-Business suites, require full patching.
By Mike Lee at Security Pipeline.
[ Read more ]