Information Security News mailing list archives

Oracle to fix 167 vulnerabilities, including a backdoor-like flaw in its E-Business Suite


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Jan 2015 08:38:51 +0000 (UTC)

http://www.computerworld.com/article/2872694/oracle-to-fix-167-vulnerabilities-including-a-backdoor-like-flaw-in-its-e-business-suite.html

By Lucian Constantin
IDG News Service
Jan 20, 2015

Oracle's monster batch of security updates expected Tuesday will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records.

Renowned database security expert David Litchfield discovered the issue last year on a client's system and at first he thought it was a backdoor left behind by an attacker.

"On investigation, it turns out the 'backdoor' is part of a seeded installation!" he said Monday on Twitter. "I was flabbergasted. Still am."

In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication.

[...]




