SAP Note 11642 - ORACLE 7.0.16.6 - security patch.

Symptom

ORACLE is currently sending patches for the upgrade to 7.0.16.6

Cause and prerequisites

A security bug in the role concept. A user can obtain amazing (!!!!) ORACLE knowledge and unauthorized privileges

Solution

In the SAP environment, this problem should be unimportant since

1. no role concept is active

2. there are only 3 users in the database

3. the customers' passwords are not changed as a rule so that in the case of over 95% of customers it is possible to log on as USER "SYSTEM" or "SYS" or as SAPR3 without problems.

As soon as the 7.0.16.6 is tested, we will distribute it. This will be done through the next SAP upgrade or if necessary by means of a separate tape or CD. Furthermore, it is possible to make the necessary parts available on SAPSERV3.

The customers must not use the ORACLE tape 7.0.16.6 but should wait for the SAP ORACLE release.

Keyword: security