http://radio.weblogs.com/0103213/categories/databases/ Oracle, SQLServer et al Copyright 2002 Pelle Braendgaard Thu, 11 Apr 2002 11:35:01 GMT http://backend.userland.com/rss092 pelle@neubia.com pelle@neubia.com <H4>Oracle - Unbreakable?</H4> <P>If you're running Oracle 9i Application Server and/or Database Server please have a look at this from CERT. There are a broad range of security holes you should now about even if you're just in Development. The largest I can see are a bunch of Buffer Overflows in the Appservers PL/SQL module.&nbsp;David Litchfield of <A href="http://www.nextgenss.com/">NGSSoftware</A> has provided a bunch of recommendations that you can reach from the CERT Advisory:</P> <P><A href="http://www.cert.org/advisories/CA-2002-08.html">CA-2002-08: Multiple vulnerabilities in Oracle Servers</A></P> CERT/CC <A href="http://www.theregister.co.uk/content/53/24513.html">Sue Ellison, analyst tells Oracle users</A>. Multiplexing license caper perplexes punters [<A href="http://www.theregister.co.uk">The Register</A>] The Register