Oracle recommended that its database customers patch a security vulnerability in certain versions of its database, saying the risk of exposure is high. Any machine connected to an affected server could exploit the flaw and take over the server, the company said. The problem is found in four editions of Oracle's 9i and Oracle 8i databases as well as two editions of the Oracle 9i Application Server, the company said in an alert issued on Dec. 4.
The problem, further detailed at Carnegie Mellon University's CERT Coordination Center, is due to flaws in different implementations of security protocols, namely Secure Sockets Layer (SSL) and Transport Layer Security (TLS), used within Oracle's products. The SSL vulnerabilities can be "exploited when carefully crafted X.509 certificates are presented by clients, even when X.509 client certificates are not enabled," according to the Oracle alert.