Channel News and Analysis - Channel Insider

Empowering the next generation Channel

Home

Channel News and Analysis

Oracle Plugs 51 DB, Server Holes

[ci] deep dives:

Managed Services Distribution Careers Linux and Unix Computer Networking Printers Security SMB Partner Storage Surveys Solution Builder Messaging/Collaboration Dell Reseller Microsoft Partner

[ci] commentary:

Debuting the New Channel Insider Channel Insider unveils its new Web site design, which reflects our mission to support solution providers with the best insight and analysis for their success

Convergence: The Next Security Wave The convergence of physical and logical security isn't a new idea, but largely untapped by solution providers. Groups like 1nService and PSA Security are bringing these largely segmented channels together for this $7 billion market opportunity.

Oracle Plugs 51 DB, Server Holes

in Channel News and Analysis

More Channel News and Analysis Coverage

Previous Article: Lexmark Offers Managed Services for its VARs

Next Article: Google Goes Analog to Warn of Pending Layoffs

DATE: 2007-01-16

By Ryan Naraine

Article Rating:

/ 0
Article Views: 139

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

The first critical patch update for 2007 plugs 51 vulnerabilities in a range of enterprise-grade product lines.

Oracle has released its first critical patch update for 2007, with fixes for a total of 51 security vulnerabilities in a wide range of enterprise products.

The Redwood City, Calif., database server giant's patch batch covers serious holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.

The most serious of the 51 flaws carry a CVSS (Common Vulnerability Scoring Standard) base score of 7.0.

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," the company said in its quarterly advisory.

The company said 28 of the 51 flaws affect its flagship Oracle Database. Among that batch of patches is a high-severity issue that can be "remotely exploitable without authentication."

This means a successful attacker can launch an exploit over a network without the need for a user name and password.

There are nine patches for the Oracle HTTP Server, which is an optional product that is not installed by default with the Oracle Database. Eight of the nine can be exploited remotely without user credentials, the company warned.

The January 2007 patch update also provides fixes for a dozen new security flaws in the Oracle Application Server, eight of which may be remotely exploitable without authentication.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine's eWEEK Security Watch blog.

	Discuss Oracle Plugs 51 DB, Server Holes

	>>> Be the FIRST to comment on this article!



	>>> More Channel News and Analysis Articles >>> More By Ryan Naraine

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article

SIGN UP FOR CHANNEL INSIDER NEWSLETTERS
Reliable, timely information on the business of technology. Sign up now.

RSS SUBSCRIPTIONS

Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

Ziff Davis White Paper Library

eWEEK Labs RFPs and Tools

Channel Insider:

Security:
Enterprise Security
Network Security
Infrastructure Security
How To: Data
IT Security News
Cheap Hack Blog
Security Watch Blog

Storage:
Storage
Cloud Storage
Storage Virtualization
Network Access Storage
Storage Reviews
Data Storage News
How To: Storage
Storage Station Blog

Computing:
Apple OSX
Linux Systems
Windows Vista
Managed Print Services
Cloud Computing
PC Reviews
Microsoft Watch Blog
Apple Watch Blog
Google Watch Blog

Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Mobile Applications
Wireless News
Mobile Reviews

Apps & Development:
Application Development
SAAS
Search Engines
Database Software
IT Project Management
Web 2.0
IT Project Management
Emerging Tech Blog
CIO Insight Blogs
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel Partners
Careers Blog
Value Added Resellers

More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Podcasts
Tech Videos
eWeek Magazine Subscriptions

Enterprise Websites:
ZDE Home
Baseline
Channel Insider
CIO Insight
eSeminars
eWeek Mid-Market
Publish Online
Web Buyers Guide

Developer Websites:
Dev Shed
DeveloperShed
ASP Free
MS DevSource
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware

Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
iGrep Search Engine
Windows for Devices
iGrep Search Engine
PDF Zone
Linux Watch

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2009 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
eWeek is your best source for the latest Technology News.
ZDE Cluster 6 hosted by Hostway.