Security firm reports vulnerability in Oracle8, 8i

A security firm on Thursday reported finding vulnerabilities in Oracle Corp.’s 8 and 8i database products that it said could potentially give attackers full access to the database, allowing them to create, delete, or modify information.

The Covert Labs division of PGP Security, which itself is a division of Network Associates Inc., issued two advisories Wednesday night, both pertaining to Oracle’s TNS (Transparent Network Substrate). The TNS Listener, which is used to establish and maintain remote communications with Oracle database services, is vulnerable to a buffer overflow, which could allow a remote user to execute malicious code on the database server, Covert Labs said in its advisory.

“This is no more difficult (to cause) than most normal buffer overflows,” Jim Magdych, security research manager for PGP Security, said. “It’s probably just a matter of time before someone releases a script to take advantage of it.”

A second vulnerability in TNS allows a remote user to mount a denial of service attack against any Oracle service relying on the Net8 protocol, Covert said in a second advisory. Services that make use of the protocol include TNS Listener, Oracle Name Service and Oracle Connections Manager, Covert said. TNS is designed to provide a single application interface to all industry-standard networking protocols.

Oracle said it was aware of the vulnerabilities and had already issued a patch. “All software has bugs, and we immediately put up a patch,” an Oracle spokesperson said. The spokesperson declined to comment on the severity of the security holes.

The patches are available at http://metalink.oracle.com under bug numbers 1489683 and 1656431.

PGP Security, in Santa Clara, Calif., can be reached at http://www.pgp.com/. Oracle, in Redwood Shores, Calif., can be reached at http://www.oracle.com/.
