Oracle's Security Problems

By CIO Update Staff

(Back to article)

A British computer-security expert has identified dozens of vulnerabilities in current and prior versions of Oracle Corp.'s flagship database software, including flaws that could allow intruders to steal or alter sensitive data.

Oracle learned about the problems early this year and has taken some steps to fix them but hasn't eliminated the flaws, said David Litchfield, managing director of Next Generation Security Software Ltd., Surrey, England. Litchfield, who told the company of the problems, said some of the vulnerabilities should be considered critical because they could allow hackers to gain control of database systems without a user identification or password.

Oracle, Redwood Shores, Calif., touts its security credentials, including certifications that make its database systems eligible for purchase by the Pentagon.

Oracle executives say the company is completing work on patches for the vulnerabilities Litchfield has identified and expects to issue a security alert shortly. "I'm not disputing they're probably serious," said Mary Ann Davidson, Oracle's chief security officer.

This article was compiled and edited by CIO Update staff. Please direct any questions regarding its content to Allen Bernard, Managing Editor.

See the complete story at www.wsj.com (paid registration may be required).