According to Alexander Kornbrust, a well-known database security researcher and business manager of German company Red Database Security GmbH, Oracle Bone Inscriptions unexpectedly published an article on its MetaLink customer technical support website introducing this security vulnerability, including how to use it.
Kornbrust posted a post on the Red Database Security website, saying that Oracle Bone Inscriptions Company published an article on MetaLink website on April 20th, detailing an unpatched security vulnerability and the code to exploit this security vulnerability. This security vulnerability affects all versions of Oracle Bone Inscriptions database software from to. He said that this article also appeared in the daily news column of MetaLink website and sent it to the subscribers of the daily news column.
He said that the high-risk security vulnerability of the upgrade privilege occurred when the Oracle Bone Inscriptions database was processing views made by some authorized users, which led to malicious users with the SELECT privilege using this security vulnerability to embed updates or delete arbitrary codes.
The French Security Incident Response Team, a well-known security vulnerability clearance organization, analyzed this security vulnerability and issued its own security bulletin, which classified this security vulnerability as a moderately dangerous vulnerability.
Kornbrust said that after learning about this security vulnerability, he informed Oracle Bone Inscriptions of the article about this leaked security vulnerability by e-mail, and then Oracle Bone Inscriptions deleted the article on MetaLink website. He criticized Oracle Bone Inscriptions's practices on the red database security website, saying that leaking security vulnerabilities like this usually hurts others.
He said that Oracle Bone Inscriptions usually criticizes individuals or enterprises for publishing information about Oracle Bone Inscriptions's security vulnerability, but this time Oracle Bone Inscriptions not only introduced this security vulnerability in detail on MetaLink website, but also provided the code to exploit this security vulnerability.
A spokesman for Oracle Bone Inscriptions didn't immediately respond to a request for comment, but Kornbrust said that Oracle Bone Inscriptions had told him that an important patch will be released in the future to fix this security vulnerability. The next time Oracle Bone Inscriptions released an important patch update, Kornbrust expressed doubt that Oracle Bone Inscriptions could fix this security vulnerability at that time.
Before fixing this security vulnerability, Kornbrust suggests taking the following measures to bypass this vulnerability.
Lishi Xinzhi/Article/program/Oracle/20 13 1 1/ 18682