In 2001, Oracle CEO Larry Ellison told the world his company's software was "unbreakable" and invited the hacker community to bring it on. The results? By Oracle's own admission, critical security flaws are now legion.

The problems affect all of Oracle's flagship products, including Oracle Database 8i, 9i and even the new 10g, with the exception of the just-released version 10.1.0.3. Oracle Application Server is also affected, though a patched version 9.0.4.2 is due out soon.

The vulnerabilities run across multiple modules and functions. The database products have holes in the Database Server and Listener elements, and these don't even require a valid user account to exploit. Oracle Application Server is similarly vulnerable in its Portal and iSQL*Plus components. Oracle Enterprise Manager's holes are somewhat less severe--they can be exploited only by those with a valid OS-level user account--but other Oracle products, such as Oracle Collaboration Suite and E-Business Suite 11i, will necessitate full patching of their underlying database server and application server components. With no work-arounds available, Oracle recommends applying patches immediately.

The link for this article located at Richard Hoffman, Network Computing is no longer available.