There have been two high-profile Oracle security flaws in the last few months. The first, which everyone reading this article has probably heard of, is the Voyager worm. The second, which is slightly less well-known, is a very severe security hole that lets anyone with a valid logon to an Oracle database -- including an unprivileged account with nothing but CONNECT privs -- execute arbitrary code as SYS. In this article, I'll look at the two security flaws and outline the steps you need to take to protect your databases from them.
Oracle Corporation renamed the latest version of their database management system from Oracle 10i to Oracle10G to illustrate their commitment to Grid computing and the GGG (Great Global Grid). Oracle's Chairman and CEO, Larry Ellison, will release Oracle10G at the OracleWorld conference in San Francisco on the 9th of September 2003.