Oracle Plugs Three Security Holes

Friday Jul 25th 2003 by Staff

The most serious vulnerability could allow attackers to take over systems running Oracle's E-Business suite.


Oracle has issued patches to plug three security holes in its software suite, including two potentially serious flaws affecting its E-Business and Applications products.

The most serious issue was detected in the Oracle Applications Web Report Review (FNDWRR) program, which is implemented as a CGI. In an advisory, Oracle said a buffer overflow exists in the FNDWRR program that could allow an attacker to gain control of the process and execute arbitrary code on the server.

"This buffer overflow can be remotely exploited using a web browser and an overly long URL," the company said, urging users to apply the required patches immediately. Affected software includes the Oracle E-Business Suite 11i and Oracle Applications 10.x through 11i.

In a separate warning, Oracle said research firm NGS Software found a buffer overflow vulnerability in the Oracle 8i and 9i database server products.

The article continues at
