- Alexander Kornbrust Oracle Security Blog - http://blog.red-database-security.com -

SANS Top-20 2007 Security Risks (2007 Annual Update)

Posted by Alexander Kornbrust on 28 Nov 2007 @ 13:32 in Security, Oracle Security | 3 comments

SANS updated its [1] Top-20 list of security risks.

One section covers Oracle and Database Software. Since September 2006 there have been 18 new CVE vulnerabilities with a CVSS base score of 7 or higher:

[2] CVE-2006-5332, [3] CVE-2006-5333, [4] CVE-2006-5334, [5] CVE-2006-5335, [6] CVE-2006-5336, [7] CVE-2006-5339, [8] CVE-2006-5340, [9] CVE-2006-5341, [10] CVE-2006-5342, [11] CVE-2006-5343, [12] CVE-2006-5344, [13] CVE-2006-5345, [14] CVE-2006-7138, [15] CVE-2007-0272, [16] CVE-2007-1442, [17] CVE-2007-2113, [18] CVE-2007-2118, [19] CVE-2007-5506.

Some of the most critical vulnerabilities in Oracle databases, like the [20] view / [21] inline-view bug or the [22] bypass logon trigger, are not covered in the SANS list.

BTW: Microsoft SQL Server has only 1 vulnerability: [23] CVE-2007-4814


This article was printed from Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL to article: http://blog.red-database-security.com/2007/11/28/sans-top-20-2007-security-risks-2007-annual-update/

URLs in this post:
[1] Top-20 list: http://www.sans.org/top20/#s7
[2] CVE-2006-5332: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5332
[3] CVE-2006-5333: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5333
[4] CVE-2006-5334: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5334
[5] CVE-2006-5335: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5335
[6] CVE-2006-5336: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5336
[7] CVE-2006-5339: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5339
[8] CVE-2006-5340: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5340
[9] CVE-2006-5341: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5341
[10] CVE-2006-5342: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5342
[11] CVE-2006-5343: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5343
[12] CVE-2006-5344: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5344
[13] CVE-2006-5345: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5345
[14] CVE-2006-7138: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7138
[15] CVE-2007-0272: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0272
[16] CVE-2007-1442: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1442
[17] CVE-2007-2113: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2113
[18] CVE-2007-2118: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2118
[19] CVE-2007-5506: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5506
[20] view: http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
[21] inline-view: http://www.red-database-security.com/advisory/oracle_modify_data_via_inline_views.html
[22] bypass logon trigger: http://www.red-database-security.com/advisory/bypass_oracle_logon_trigger.html
[23] CVE-2007-4814: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4814
