Skip to main content

Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw

posted onJanuary 21, 2015
by l33tdawg

Renowned database security expert David Litchfield discovered the issue last year on a client's system and at first he thought it was a backdoor left behind by an attacker.

"On investigation, it turns out the 'backdoor' is part of a seeded installation!" he said Monday on Twitter. "I was flabbergasted. Still am."

In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication. The highest score for the E-Business Suite vulnerabilities that will be patched is 6.4 in the Common Vulnerability Scoring System (CVSS), according to the company. That doesn't sound too bad, considering that the CVSS scale goes to 10.

Source

Tags

Security Oracle

You May Also Like

Recent News

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th

Thursday, June 6th