Oracle
Oracle's patching policy has come under fire

Expert challenges Oracle security record

Flaws reported two years ago remain unfixed, claims security firm

Tom Sanders in California

A security expert from Red Database Security has blasted Oracle's patching policy, and released details about six security vulnerabilities by way of a protest. 

According to the Red Database website, the flaws were first reported to Oracle nearly two years ago.

Advertisement

"It seems that Oracle is not interested in fixing and providing patches for this issue. If you think you need a patch to protect your Oracle Application Server you should contact Oracle," wrote Alexander Kornbrust in the security reports

The flaws affect Oracle Forms and Oracle Reports that ship as part of Oracle 9i and 10g Application servers and Developer suites.

Security website Secunia gave the flaws a ranking of moderately critical, the third level on a 5-level scale. 

At least one of the flaws provides a way for hackers to take control of a system running the Oracle application.

Red Database claims to have sent Oracle a reminder about the flaws on 15 April, threatening to publish the details if the flaws were not addressed in the company's July patch update.

Kornbrust released details about the security holes out of frustration over Oracle's refusal to issue a patch, and to provide details about workarounds that mitigate the risk.

Unveiling the security holes challenges the database vendor's claim to making software that is 'unbreakable', but as a nasty flipside could attract hackers to exploit the flaws.

A spokesman for Oracle told vnunet.com that the company responds to software flaws "as quickly as possible", and that he would have preferred Kornbrust to wait.

"We are disappointed when any details of Oracle product security vulnerabilities are released to the public before patches can be made available, " he said.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

Summit: Views From the Valley

V3.co.uk's US office weighs in on the information overload crisis

John Chambers speaks on collaboration

Cisco boss talks up new offerings

Analysis and Reports

Remote access - Three steps to getting connected

3.4 million UK professionals now work from home – is your company equipped?

Cost benefits of a global collaboration network

This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications

Poll

Impact of Information Overload poll

Impact of Information Overload poll

What is the biggest problem your firm faces as a result of the data explosion?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Information management

Summit: Quiz IBM experts on information strategies

Join our live chat session on Thursday at 11am to...

RIM discusses new developer tools

Blackberry exec on the latest offerings for programmers

Houses of parliament

Summit: Doubts raised over Tory plans for NHS records

Experts say data quality could be an issue

Researchers take down spam botnet

Researchers from security firm FireEye have been able to effectively...

Primary Navigation