Article

Oracle announces fixes for two Oracle9i vulnerabilities

Edmund X. DeJesus, Contributing Writer

Oracle strongly recommends patching, and possibly upgrading, to fix two vulnerabilities in its Oracle9i database. Without remediation, the vulnerabilities can permit session hijacking, unauthorized access by remote attackers and denial of service.

The first vulnerability

    Requires Free Membership to View

can allow a local attacker to hijack other sessions, possibly causing a denial of service. This affects Oracle E-Business Suite 11i and Oracle9i Database Enterprise and Standard Editions.

The second vulnerability affects Oracle9i Lite when its Mobile Server is installed, which occurs by default. The unspecified vulnerability allows a remote, authenticated user to bypass security and gain unauthorized access to a connected Oracle database server. There is no workaround, and patches must be applied. Oracle 9i Lite versions 5.0.0.0.0 through 5.0.2.9.0 are vulnerable. Users of versions 5.0.1.0.0 or earlier must upgrade to version 5.0.2.0.0 before applying the patch.

Oracle has provided fixes for the affected systems.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: