[ISN] Oracle to fix 167 vulnerabilities, including a backdoor-like flaw in its E-Business Suite

http://www.computerworld.com/article/2872694/oracle-to-fix-167-vulnerabilities-including-a-backdoor-like-flaw-in-its-e-business-suite.html By Lucian Constantin IDG News Service Jan 20, 2015 Oracle’s monster batch of security updates expected Tuesday will include a fix for a serious misconfiguration issue in its E-Business Suite product that can give hackers access to databases full of sensitive business records. Renowned database security expert David Litchfield discovered the issue last year on a client’s system and at first he thought it was a backdoor left behind by an attacker. “On investigation, it turns out the ‘backdoor’ is part of a seeded installation!” he said Monday on Twitter. “I was flabbergasted. Still am.” In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication. […]