http://news.com.com/Database+flaws+more+risky+than+thought/2100-1002_3-5502538.html By Robert Lemos Staff Writer, CNET News.com December 23, 2004 Details of multiple security flaws in Oracle and IBM databases have been released by the security company that found them. The flaws, which were described in general terms in August and September by Next-Generation Security Software, could allow an attacker to remotely compromise servers running the database programs. Security company Symantec raised its Internet threat rating of the flaws to 2 from 1, based on the details released on Thursday. NGSSoftware gave users of the databases more than three months to fix their systems when it announced its discovery of the flaws. Oracle has already released patches for the 10 vulnerabilities affecting its 9i database, and IBM has issued fixes for two flaws in DB2 versions 7 and 8.1. "Some of these are more serious than others," said David Litchfield, a security researcher and co-founder of U.K.-based NGSSoftware. "Most of these vulnerabilities can be exploited remotely." The advisories can be found on NGSSoftware's Web site. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Dec 24 2004 - 02:31:25 PST