Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw in E-Business Suite

Oracle’s monster batch of security updates expected Tuesday will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records.

Renowned database security expert David Litchfield discovered the issue last year on a client’s system and at first he thought it was a backdoor left behind by an attacker.

“On investigation, it turns out the ‘backdoor’ is part of a seeded installation!” he said Monday on Twitter. “I was flabbergasted. Still am.”

In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication.


Story added 20 January 2015.