Oracle Patches 45 Bugs In Quarterly Critical Update

Seventeen of the flaws affect Oracle's Database Server, and 13 of the total 45 could be exploited remotely without authentication.

Sharon Gaudin, Contributor

July 18, 2007


Oracle late Tuesday released its quarterly Critical Patch Update, fixing a total of 45 vulnerabilities across its product lines.

An attacker could remotely exploit 13 of the bugs without authentication. Seventeen of the flaws fixed this week affect the company's flagship product, Oracle Database Server, and two of those database bugs are also remotely exploitable without authentication, according to Eric Maurice, a security manager with Oracle, writing in a blog post.

The vulnerabilities affect Oracle Database Server, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, and Oracle PeopleSoft Enterprise.

Oracle gives its most severe security rating to two flaws in its Oracle PeopleSoft Enterprise software. Those two bugs scored a 4.8 on the standard Common Vulnerability Scoring System (CVSS), which gives bugs a 0 to 10 ranking, with 10 being the most severe. Oracle doesn't give vulnerabilities a "critical" or "important" rating like Microsoft does.

According to an Oracle spokesman, at least one bug in the Oracle E-Business Suite received a 4.7, and the highest score among the database bugs was 4.2.

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," according to the company's own advisory. "Depending on your environment, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends changes are tested on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem."

The Internet Storm Center also is recommending that IT managers apply the updates "in a timely manner" since the flaws could enable attackers to compromise data in corporate databases.

Late last week, Oracle announced it would be releasing 46 patches, but the number released was one short at 45.
