Four-year old critical Oracle bug still alive
A critical vulnerability Oracle's database product remains unpatched some four years after it was revealed, says the researcher who discovered it.
Oracle claimed to have patched the remote pre-authenticated vulnerability, dubbed TNS Poison, in April but security researcher Joxean Koret said the fix did not cover older versions.
In 2008, Koret reported the flaw to bug-bounty program iSight Partners which shared the details with Oracle per its reward program specifications. He later published a proof-of-concept for the bug that affected database versions 8i to 11g Release 2, the most current iteration. Oracle acknowledged the bug in its quarterly security update this month and credited Koret for identifying it, in its "Security-In-Depth" program.
- Fri, 2013-04-19 05:32
- Tue, 2013-03-05 06:54
- Fri, 2013-03-01 10:43