Oracle (Quote, Company Info) has issued patches to plug three security holes in its software suite, including two potentially serious flaws affecting its E-Business and Applications products.
The most serious issue was detected in the Oracle Applications Web Report Review (FNDWRR) program, which is implemented as a CGI. In an advisory, Oracle said a buffer overflow exists in the FNDWRR program that could allow an attacker to gain control of the process and execute arbitrary code
on the server.
"This buffer overflow can be remotely exploited using a web browser and an overly long URL," the company said, urging users to apply the required
patches immediately. Affected software include the
Oracle E-Business Suite 11i and Oracle Applications 10.x through 11i.
In a separate warning, Oracle said research firm NGS Software found a buffer overflow vulnerability in the Oracle 8i and 9i database server products.
The article continues at