14 November 2007
Virtual patch ready now for Sentrigo Hedgehog users
WOBURN, Mass.—November 14, 2007— Sentrigo, Inc., an innovator in database security software, has released a virtual patch to protect against remote buffer overflow attacks affecting Oracle Database 10g release 2. According to an advisory published by iDefense Labs on November 7, 2007, the vulnerability may be used to cause denial of service attacks or otherwise compromise the database. The vulnerability was discovered in the XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure. According to the same source, Oracle announced that the vulnerability has been fixed and a patch will be released within the company’s next Critical Patch Update (CPU).
“Sentrigo customers enjoy immediate protection from attacks targeting the recently published vulnerability and many other vulnerabilities, without requiring them to take the database offline or perform extensive testing,” said Dan Sarel, Sentrigo’s vice president of products. “This allows our customers to protect their databases until the DBMS vendors’ patches are ready for deployment. Since an exploit is already available publicly, we encourage all of our customers to apply the virtual patch without delay.”
The virtual patch for the XDB_PITRIG_PKG.PITRIG_DROPMETADATA vulnerability is available immediately to all Sentrigo Hedgehog Enterprise™ users as well as to Hedgehog Standard™ customers who subscribe to the Hedgehog security update service. An evaluation version of Hedgehog Enterprise and the free-of-charge Hedgehog Standard are both available for download from the Sentrigo website.
To speak with Dan Sarel of Sentrigo about Oracle database security, contact Shweta Agarwal of Schwartz Communications at +1 781-684-6670 or sentrigo@schwartz-pr.com.