Thu, Apr 27 2006 6:05
Patched Oracle database still at risk, bughunter says
Oracle's latest update fails to tackle a database flaw that has already been exploited, a security researcher has warned.
Last week, the business software maker issued its quarterly
Critical Patch Update, addressing more than 30 flaws in its software.
However, the update for Oracle 10g Release 2 does not plug a hole that
allows published attack code to run, according to a message sent to the Full Disclosure security list on Wednesday by David Litchfield, a researcher at Next Generation Security Software.
Filed under: News