With other major IT companies suffering from vulnerabilities, it is no surprise that Oracle released 78 security patches as part of its July Critical Patch Update.
There are 13 fixes for the Oracle Database server, two of which address vulnerabilities that could be exploited remotely by an attacker without authentication.
Some of the most critical bugs fixed include holes in Oracle Secure Backup, JRockit, and the Sun SPARC server (Netra T3 and T3 Series). Each of these products contains vulnerabilities that have a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Other vulnerabilities addressed by these updates include holes in Solaris, Oracle Fusion Middleware and Oracle Enterprise Manager Grid Control.
Quite a few of the patches released cure vulnerabilities that Oracle itself created with its own faulty security products, a database security researcher said.
Of the fixed issues, Oracle classified 27 vulnerabilities as critical, or as issues that may be exploited remotely without requiring a user name or password.
“This is a very large set of patches for vulnerabilities that expose nearly every running Oracle database in the world to fairly trivial attacks that allow somebody to either knock the database down or take complete control of the database and all the data inside of it,” said Josh Shaul, CTO of New York City-based Application Security.
As several of the vulnerabilities allow an attacker to remotely exploit systems, Oracle recommends that system administrators install the patches as soon as possible.