Oracle Patch may not Update Some Systems


A noted computer security expert who has clashed with Oracle Corp. in the past is warning customers that a cumulative security patch from the company may overlook a critical hole that could leave Oracle databases open to remote attack.

David Litchfield of NGSS (Next Generation Security Software Ltd.) posted a warning on the Bugtraq security discussion list Tuesday claiming that Oracle's October CPU (Critical Patch Update) failed to install software components on some Oracle systems.

The omission could cause Oracle administrators to believe that their systems are patched, when they are in fact vulnerable to attacks, he said. Security Expert Pokes More Holes in Oracle Patch

Linked by shanmuga Thursday, 10th November 2005 6:39AM