Did you know that Oracle has a bug that allows hackers to perform attacks that monitor all data passed between server and connected end users and they aren’t patching it? That’s right, almost all versions of the Oracle Database Server released in the past 13 years contain this bug, leaving your confidential information vulnerable and Oracle has no plans of yet to patch current versions.
It turns out that Oracle has known about the bug since 2008 but it has come to the spotlight again now that a security researcher, Joxean Koret, has published a detailed advisory on the bug. He’s dubbed it the “Oracle TNS Poison” because it resides in the Transparent Network Substrate Listener that routes connections between the database server and clients.
At the moment, Oracle is declining to patch the bug due to concerns of regressions in the code base but per employee communications, future releases will have the fix.
You can read Koret’s post on the vulnerability here. I expect that based on the fact that his post has inadvertently disclosed detailed instructions for how to exploit the vulnerability that Oracle is likely investigating options to patch current versions but no word from them so far on the matter. For more details on this issue check out this article over at arstechnica.
At DLS Software Studios, we want to provide you with the very best IT solutions for your business. Contact us today to discuss how our IT consultants can bring cost-effective, best in class solutions to your organization. From custom software development to systems analysis, we’ve got you covered. While we are located in the Chicago area, we take on projects throughout the country. Any project, anywhere, anytime – We’ve got the solution for you.
