Oracle Plugs Three Security Holes

July 25, 2003

[From internetnews.com]

Oracle (Quote, Company Info) has issued patches to plug three security holes in its software suite, including two potentially serious flaws affecting its E-Business and Applications products.

The most serious issue was detected in the Oracle Applications Web Report Review (FNDWRR) program, which is implemented as a CGI. In an advisory, Oracle said a buffer overflow exists in the FNDWRR program that could allow an attacker to gain control of the process and execute arbitrary code on the server.

"This buffer overflow can be remotely exploited using a web browser and an overly long URL," the company said, urging users to apply the required patches immediately. Affected software include the Oracle E-Business Suite 11i and Oracle Applications 10.x through 11i.

In a separate warning, Oracle said research firm NGS Software found a buffer overflow vulnerability in the Oracle 8i and 9i database server products.

The article continues at http://www.internetnews.com/dev-news/article.php/2240411