Oracle needs to provide work-around instructions as well as patching, says Imperva CTO

(PresseBox) - 12 - "Oracle released its latest vulnerability list. What this release highlights is the fact that Oracle should provide work-around instructions rather than dogmatically stick to immediate patching as the single alternative.
This one has 88 patches. Only four issues are in the Oracle database server whereas six are in MySQL database server. Key observations regarding the four database vulnerabilities, two are interesting:
One vulnerability is severe, ranking 9 on a 10 scale. What is significant about this issue? It is the most severe even though exploiting it requires authentication. In this case, the vulnerability is in a component that is installed by default and known to have been vulnerable in the past on more than a few occasions. What does this component do? It allows users to do geometric searches. However, geometric search is not used very widely. Since the geometric search isn't used very much, so Oracle should recommend, for example, removing the package altogether so only those who need it are exposed to it.
The second vulnerability is a 7.1 on a 10 scale since it's a complex exploit-but this seems low. Why? This vulnerability requires two procedures: create library and create procedure. What is of most interest here it the create library capability which maps the OS module to the database-an inherently dangerous process because you could map any OS native code to be mapped as stored procedures accessible through a DB SQL session. We suspect that the vulnerability allows server takeover using uncontrolled mapping, and that the patch reduces the ability to map arbitrary modules. Regardless, a better method would be to simply not allow anyone but an administrator to perform this process"

Unternehmensinformation / Kurzprofil:
Bereitgestellt von Benutzer: PresseBox
Datum: 19.04.2012 - 11:34 Uhr
Sprache: Deutsch
News-ID 136858
Anzahl Zeichen: 1799

contact information:
Town:

Redwood Shores

Kategorie:

Mining

Diese Pressemitteilung wurde bisher 441 mal aufgerufen.


Die Pressemitteilung mit dem Titel:
"Oracle needs to provide work-around instructions as well as patching, says Imperva CTO"
steht unter der journalistisch-redaktionellen Verantwortung von

Imperva Inc. (Nachricht senden)

Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).

Imperva analysis of why writing is on the wall for SHA1 encryption ...

12 - In recent reports it has been found that SHA1, a widely used cryptographic algorithm used to secure sensitive websites, software, and corporate servers is weak enough that well-financed criminals could crack it in the next six years. Bel ...

Imperva Introduces SharePoint Security Capabilities to Secure Against Web Attack ...

12 - Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today announced SecureSphere for SharePoint 9.5, enhancing compromised insider protection, and automat ...

Imperva Report Details Automated Web Application Attacks ...

12 - Imperva, Inc. (NYSE: IMPV), a pioneer and leader of a new category of data security solutions for high-value business data in the data center, today released its April Hacker Intelligence Report Automation of Attacks, which analyzes how and why ...

Alle Meldungen von Imperva Inc.