Oracle fixes 78 flaws; half in Database and Sun Suite

Oracle on Tuesday released its quarterly critical patch update to address 78 vulnerabilities, touching all of its product lines.

In an advisory, the company recommended that customers apply the fixes, which include 16 for its popular database product and 23 for the Sun Products Suite, as soon as possible.

Among the most severe are vulnerabilities (CVE-2011-2261, CVE-2011-0873 and CVE-2011-2288) that affect Oracle Secure Backup, Oracle JRockit and SPARC T3 Series, respectively, Marcus Carey, security researcher at Rapid7, said.

These flaws, which are remotely exploitable and do not require authentication credentials, can result in the takeover of an affected system, Carey told SCMagazineUS.com on Tuesday. Public exploits are forthcoming.

"The truth is, there are a lot of vulnerabilities in many organizations," Carey said. "It is important to not let outsiders have access. If organizations designed their networks properly, patching still would be necessary, but remote exploitations could be blocked."

Most users should not have access to SSH or HTTP on a network system, he said.
