Oracle patches 11i security flaws

Company issues upgrade to E-Business Suite diagnostics module containing security fixes, Integrigy says.

Oracle has issued an upgrade to its E-Business Suite 11i diagnostics module containing a number of the security fixes, according to applications security firm Integrigy.

In releasing the upgrade, Oracle made an usual move by alerting its users about the security patches, according to Integrigy's advisory. Historically, the software maker has released product upgrades but not disclosed whether they included security fixes, Integrigy noted.

The "Diagnostics Support Pack February 2006 with Oracle Diagnostics 2.3 RUP A" aims to address security flaws in Oracle diagnostics Web pages and Java classes, according to Integrigy. Oracle diagnostics, a troubleshooting module of Oracle E-Business Suite 11i, is designed to allow IT administrators to conduct tests when configuring and setting up applications.

"The significant (security) issue is (that) some diagnostics can be executed without any authentication, and it is possible to configure the diagnostics to be unrestricted," according to the Integrigy report.

The security patches are designed to limit access to the diagnostics tests.

Although the company releases quarterly security updates, "Oracle has not previously provided customers a notification that security fixes were included (in an upgrade)," Integrigy noted in its report. "We believe Oracle is encouraging customers to upgrade to the latest support diagnostics as a way to improve technical support and...accelerate the adoption of the diagnostics patch."

Oracle's next quarterly security update is scheduled for April 18.

Oracle was not immediately available for comment.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

iPhone 6S and 6S Plus: Should you upgrade?

After living with both phones for a week, these are the features that impressed us the most.

by Scott Stein