Security vulnerabilities have been reported in Oracle 8 and 8i databases, potentially giving attackers full read and write access to information in the database. Two advisories released on Wednesday by security research group, Covert Labs, part of Network Associates' PGP subsidiary, identified two vulnerabilities at high and medium risk levels.
Both flaws are present in the Oracle implementation of Transparent Network Substrate (TNS), which allows for remote communication with the database.
According to Covert Labs, the TNS Listener is "vulnerable to a buffer overflow condition that allows remote execution of arbitrary code on the database server under a security context that grants full control of the database services and, on some platforms, full control of the operating system".
The firm also pointed out that because the buffer overflow occurs prior to any authentication, the system is vulnerable regardless of password protection.
The second vulnerability is present when using TNS over the Net8 SQLNet protocol, allowing an attacker to mount a denial of service attack against any Oracle service that relies upon the protocol, including the TNS Listener, Oracle Name Service and Oracle Connections Manager.
Apparently Oracle is aware of the vulnerabilities and has issued a patch, available here, under bug numbers 1489683 and 1656431.
The Covert Labs advisories can be found here.
Antarctica lost on average 252 gigatons of ice mass per year from 2009 to 2017, claims study
Buyers can demand refunds if they've had a game for no more than 14 days and not registered more than two hours of play
Total lunar eclipse 2019: 'Super Blood Wolf Moon' to be visible across Europe and North America on Sunday night
Moon will turn reddish-orange in colour during this weekend's total lunar eclipse
Hackers to compete for prize money of between $35,000 and $250,000 cracking the Tesla Model 3 at this year's Pwn2Own contest