Multiple critical flaws identified in Oracle

[Gary Stoneburner <gary.stoneburner@nist.gov>]

re:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci996801,00.html

"Thirty-four vulnerabilities -- the majority of them critical --
have been identified in multiple versions of Oracle's database
server."

"10g, 8i and 9i are all vulnerable so anyone running any of these
versions of Oracle should pay attention when the patches come out,"
Litchfield said. "Oracle 7 is also vulnerable but is no longer
supported by Oracle so no patches for this version will be made
available."

re:
http://news.zdnet.co.uk/software/applications/0,39020384,39162560,00.htm
Title: Oracle promises to patch flaws quickly 

"Database software maker Oracle promised on Tuesday to quickly make
patches available for the more than 30 flaws found by a British security
researcher. ...  "Security is a matter we take seriously at Oracle
and, while we stand firmly behind the inherent security of our products,
we are always working to do better," the company said in a statement
sent to ZDNet UK sister site CNET News.com. "Oracle has fixed the
issues ... and will issue a security alert soon." 

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************