A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Waterfall_Cache has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 47

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 194

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Memcache_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 275

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; Filesystem_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 440

A PHP Error was encountered

Severity: 8192

Message: Methods with the same name as their class will not be constructors in a future version of PHP; APC_Cache_System has a deprecated constructor

Filename: _common/waterfall_cache.php

Line Number: 628

Buffer Overflows Patched in Oracle 9i Database

Buffer Overflows Patched in Oracle 9i Database

By Ryan Naraine (Send Email)
Posted Feb 10, 2004


British security research firm NGSSoftware has discovered multiple security vulnerabilities in Oracle's database server software. The firm is warning that the most serious flaw could lead to system takeover.

Oracle issued a fix for multiple vulnerabilities in its database server software.

The vulnerabilities affect the Oracle9i Database (both enterprise and standard editions) and can be exploited by malicious database users to compromise the system and gain escalated privileges, the research firm warned.

Security alerting service Secunia rates the flaws as "moderately critical."

Oracle 9i Database users are urged to upgrade to version 9.2.0.4 and apply Patch 3 from the company's Metalink site.

The database management software, used by large scale enterprises to store and access data across numerous platforms, contains a security hole due to boundary errors in two functions and could cause buffer overflows. NGSSoftware said the buffer overflow could be caused by supplying an overly long character string.

Two separate vulnerabilities are being caused due to boundary errors in the "FROM_TZ" function and in the "TIME_ZONE" parameter, NGSSoftware said.

"Successful exploitation of the vulnerabilities may allow a malicious, unprivileged database user to execute arbitrary code with either SYSTEM or ORACLE privileges."

This article was originally published on internetnews.com.

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.


 

 


Thanks for your registration, follow us on our social networks to keep up-to-date