
Pete Finnigan's Oracle security weblog


Latest Oracle Security Critical Patch Update is out

January 19th, 2011 by Pete

The most recent patch Tuesday happened yesterday for Oracle. The sizes of the patches are increasing, but that is due solely to the recent acquisition of Sun. The database security patches are the area where I have an interest, and the number of fixes is definitely dropping in the database. I have to say also that for a long time now patches have not been the topic of conversation with customers or at conferences. The major focuses seem to be around hardening, core security controls and audit trails. Companies seem to have become aware of the true issues over the last couple of years. Security patches are obviously important and should be installed, but they are not the crux of the issue of securing data in an Oracle database. The biggest issues often are a lack of accountability, insufficient controls, excessive privileges and a lack of segregation of duties. Often most of these issues are a remnant of not including security as part of the original design. We can ask Oracle to fix security bugs but we cannot ask them to fix our designs where security is concerned; that's our job!

The January 2011 Oracle Critical Patch Update includes 7 database server issues: one in Audit Vault with a CVSS score of 10, one in Oracle Secure Backup and 5 in the database. All three areas have remotely exploitable bugs without the need for a username and password.


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
