Oracle denies researcher's security claims
Oracle and a security researcher have fallen out over a vulnerability in the company's software that has gone unpatched since it was discovered in October.The company is warning its customers not to use a workaround written by David Litchfield for a security vulnerability, claiming the suggested workaround could break its software.
Litchfield, managing director of Next Generation Security Software Ltd. in Sutton, England, said he posted the fix on the BugTraq mailing list on Wednesday after warning Oracle about the dangers the vulnerability posed.
Oracle was notified of the workaround before it was released, but has found it "inadequate," said Duncan Harris, Oracle's senior director of security assurance. It will break a large number of E-Business Suite applications, he said.
Tuesday, 31 January 2006 18:31 EST
Read Full Story