Serious vulnerability discovered in Oracle databases

A serious vulnerability has been discovered in Oracle database software that could potentially allow a hacker to take an unpatched database offline for a prolonged period, along with any content management systems or web applications that depend on it.

According to Infoworld, the vulnerability allows users with low level access to rapidly increase the System Change Number (SCN) of an Oracle database. When an SCN becomes too large, the database automatically shuts down.

Businesses that use Oracle as part of the back-end to their content management system, or depend on cloud computing services based on Oracle databases, may be vulnerable to the exploit.

Businesses that rely on their websites remaining online may be particularly at risk.

A patch for the exploit has been included as part of the Oracle Critical Patch Update for January 2012.

COMMENTS