Archive for November 28th, 2007

SANS Top-20 2007 Security Risks (2007 Annual Update)

Wednesday, November 28th, 2007

SANS updated its Top-20 list of security risks.

One section covers Oracle and Database Software. Since September 2006 there have been 18 new CVE vulnerabilities with a CVSS base score of 7 or higher:

CVE-2006-5332, CVE-2006-5333, CVE-2006-5334, CVE-2006-5335, CVE-2006-5336, CVE-2006-5339, CVE-2006-5340, CVE-2006-5341, CVE-2006-5342, CVE-2006-5343, CVE-2006-5344, CVE-2006-5345, CVE-2006-7138, CVE-2007-0272, CVE-2007-1442, CVE-2007-2113, CVE-2007-2118, CVE-2007-5506.

Some of the most critical vulnerabilities in Oracle databases, such as the view / inline-view bug or the logon trigger bypass, are not covered in the SANS list.

BTW: Microsoft SQL Server has only 1 vulnerability in the list: CVE-2007-4814.