Oracle has broken its regular quarterly patch update cycle with a fix for a security flaw publicised at last month's Black Hat conference.
The vulnerability in Oracle's database server was demonstrated by David Litchfield, the celebrated white-hat hacker Brit. Oracle released a security update for server versions 11.2.x soon after
Litchfield's Vegas talk last month.
The privilege elevation bug means developers (but not ordinary users or common proles) can gain administrative rights on systems, provided a vulnerable Oracle
Text module is installed. The security flaw is not remotely exploitable without authentication and even then CREATE TABLE, CREATE PROCEDURE and EXECUTE privileges are needed for any badness to be possible,
according to Oracle.
