A serious vulnerability has been discovered in Oracle database software that could potentially allow a hacker to take an unpatched database offline for a prolonged period, along with any content management systems or web applications that depend on it.
According to Infoworld, the vulnerability allows users with low level access to rapidly increase the System Change Number (SCN) of an Oracle database. When an SCN becomes too large, the database automatically shuts down.
Businesses that use Oracle as part of the back-end to their content management system, or depend on cloud computing services based on Oracle databases, may be vulnerable to the exploit.
Businesses that rely on their websites remaining online may be particularly at risk.
A patch for the exploit has been included as part of the Oracle Critical Patch Update for January 2012.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.