Tuesday, May 1, 2012

TNS Listener Poison attack

Oracle has rushed out a security advisory with workarounds for a dangerous Database Server security flaw, releasing Security Alert CVE-2012-1675.
The vulnerability was originally discovered by Joxean Koret in 2008. Oracle Database Server versions released in the past 13 years contain a bug that allows hackers to monitor all data passing between the server and the end users connected to it. Koret is said to have commented that Oracle learned of the bug in 2008 and indicated in a recent e-mail that it had no plans to fix currently supported versions of the enterprise product because of concerns that doing so could cause "regressions" in the code base.
Interestingly, the security alert provides customers with a number of technical measures intended to give effective defense against this vulnerability in all deployment scenarios, but it does not contain any patch. Oracle is urging customers to make the configuration changes documented in the My Oracle Support Notes mentioned in the alert as soon as possible.