informa
/
News

Not So Unbreakable

Oracle says a flaw in Release 2 of its Oracle9i database could let a hacker launch a denial-of-service attack or capture an active user session.
A security flaw in the Oracle9i Release 2 database could be exploited by "a knowledgeable and malicious user" to launch a denial-of-service attack or capture an active user session of the database server, Oracle said in a security alert issued this week.

According to a bulletin on the Oracle Technology Network Web site, the company discovered a set of potential buffer overflows in the XML database functionality of the Oracle9i Release 2 database. Oracle9i Release 1 and earlier versions of Oracle's database software are unaffected. Details and security patches are available in the security alert section of otn.oracle.com.

Oracle likes to describe its software as "unbreakable" when comparing its products to those from archrival Microsoft.