Oracle patches two holes in 9i database

Oracle Corp. released patches for two security holes in its 9i database last week that could have allowed an attacker to take over or run code on affected systems.

The more serious of the two bugs exists in the Net Listener component of 9i, which “listens” for client requests for use of the database, according to a security bulletin from U.K.-based Next Generation Security Software Ltd. (NGSSoftware), the company that originally discovered the flaws. A buffer overflow problem in Net Listener could let an attacker overrun the memory assigned to the application, allowing attack code to be run in the database’s security context, NGSSoftware said.

The hole is exploitable from remote computers and affects all version 9 releases of Oracle 9i running on Windows and VM, according to Oracle, which is based in Redwood Shores, California.

The second vulnerability is also the result of a buffer overflow, this time in Oracle’s 9iAS Reports Server, NGSSoftware said. An attacker who overruns the buffer in the software would be able to run code in the server’s security context, which is often the local system context on Windows systems, the company said.

The flaw affects Oracle 9iAS Reports Server 1.0, but not 2.0, and any Oracle product containing Reports Server 6.0.8.18.0 and older, Oracle said.

Both patches are available to Oracle customers at the company’s Metalink Web site, http://metalink.oracle.com.

In 2001, Oracle ran a marketing campaign claiming that its products were “unbreakable” and could not be hacked into. After those claims, a handful of security vulnerabilities were discovered in its software.
