Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw in E-Business Suite
Oracle’s monster batch of security updates expected Tuesday will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records.
Renowned database security expert David Litchfield discovered the issue last year on a client’s system and at first he thought it was a backdoor left behind by an attacker.
“On investigation, it turns out the ‘backdoor’ is part of a seeded installation!” he said Monday on Twitter. “I was flabbergasted. Still am.”
In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication.