Risk level increased for database flaws
Published: 24 Dec 2004 09:00 GMT
Details of multiple security flaws in Oracle and IBM databases have been released by the security company that found them.
The flaws, which were described in general terms in August and September by Next-Generation Security Software, could allow an attacker to remotely compromise servers running the database programs. Security company Symantec raised its Internet threat rating of the flaws to 2 from 1, based on the details released on Thursday.
NGS Software gave users of the databases more than three months to fix their systems when it announced its discovery of the flaws. Oracle has already released patches for the 10 vulnerabilities affecting its 9i database, and IBM has issued fixes for two flaws in DB2 versions 7 and 8.1.
"Some of these are more serious than others," said David Litchfield, a security researcher and co-founder of UK-based NGS Software. "Most of these vulnerabilities can be exploited remotely."
The advisories can be found on NGS Software's Web site.













