Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Oracle Warns of Critical Exploits

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Oracle Warns of Critical Exploits
Date: Fri, 15 Oct 2004 05:29:15 -0500 (CDT) 
http://www.eweek.com/article2/0,1759,1676500,00.asp

By Lisa Vaas 
October 14, 2004 

Critical Oracle Corp. technology vulnerabilities have been publicly
exploited, the company advised in a recent security update that urged
users to apply the patches contained in its Security Alert 68. [1]

"Oracle is aware of public exploits (as indicated in the latest
version of the alert) for several of the vulnerabilities, and more
exploits may be created," the company said in the e-mail alert.  
"Security Alert 68 is a critical security update and should be applied
as soon as possible."

The vulnerabilities were addressed in the Redwood Shores, Calif.,
company's first monthly patch rollup, which was released on Aug. 31.  
At the time this story was posted, Oracle had not returned phone calls
seeking details of the exploits.

The vulnerabilities in question, however, included the potential for
buffer overflow attacks, SQL injection techniques for gaining access
to Oracle databases, and the ability for a remote attacker to take
advantage of a known, default user account and password.

Other flaws allow databases to be exploited by regular users, who can
crash the database or escalate privileges to administrator level.  
Multiple versions of Oracle's Database Server, Application Server and
Enterprise Manager software are at risk.

Security experts and Oracle watchers are pricking up their ears as
they spot message board posts such as this one that request further
information on the bugs.

"If this increases or the information becomes more readily available,
then some companies are going to have problems," said a Weblog [2]
entry posted by the Oracle security company PeteFinnigan.com Ltd.
"Exploits are not just used by Internet-based hackers; they can also
be used internally by employees."

[1] http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
[2] http://petefinnigan.com/weblog/entries/index.html



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Oracle Warns of Critical Exploits, InfoSec News <=
Previous by Date:  [ISN] 'Trustworthiness' still a goal for Microsoft, InfoSec News
Next by Date:  [ISN] Thoughts About "Protection Against BIND", InfoSec News
Previous by Thread:  [ISN] 'Trustworthiness' still a goal for Microsoft, InfoSec News
Next by Thread:  [ISN] Thoughts About "Protection Against BIND", InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]