Attack code out for Oracle database

Computer code takes advantage of one of dozens of flaws Oracle provided fixes for this week.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

April 21, 2006 5:30 a.m. PT

Attack code that takes advantage of a flaw in Oracle's database software has been released on the Web, raising the urgency to patch.

The exploit code was published Wednesday, only a day after Oracle released its quarterly Critical Patch Update, security provider Symantec said in an alert to users of its DeepSight intelligence service.

The exploit code was published to the popular BugTraq security mailing list. It targets the Oracle Database 10g and appears to give the attacker higher privileges on the system.

Oracle addressed close to 40 vulnerabilities in its Tuesday patch release cycle. Some of the issues would require an exploit for a successful attack; others would not, according to Symantec.

The U.S. Computer Emergency Readiness Team added its voice on Wednesday, urging users in an alert to apply Oracle's fixes.