Archive for the ‘Security’ Category

« Older Entries
Newer Entries »

Checkpwd 1.23 for MacOS Intel native released

Donnerstag, Mai 8th, 2008

2 weeks ago Oracle released the instant client 10.2.0.4 for Mac OS Intel. Yesterday I had the time to recompile checkpwd (checkpwd for other platforms) with the new instant client. The compilation worked flawless.

The performance of checkpwd with the native Oracle Mac client is 50% faster than the previous version for PPC.

Here are the links:

  • Checkpwd 1.23  [Mac – Intel – native] – 37 MB – with Oracle instant client
  • Checkpwd 1.23  [Mac – Intel – native] – 68 KB – without Oracle instant client
  • Checkpwd 1.23  [Mac – Intel – native] – 68 KB – Passwords are not displayed

And here sidguess recompiled for Mac – Intel:

  •  Sidguess 1.02  [Mac – Intel – native] – 16 KB -without Oracle instant client

Posted in Oracle Security, passwords, Security | No Comments »

Oracle Critical Patch Update Pre-Release Announcement – April 2008

Freitag, April 11th, 2008

Yesterday Oracle has published the pre-release announcement for the upcoming CPU next tuesday. According to this announcement the CPU will fix 41 security in various Oracle products. 17 vulnerabilities are affecting the Oracle Database.

  • Advanced Queuing
  • Audit
  • Authentication
  • Change Data Capture
  • Core RDBMS
  • Data Pump
  • Export
  • Oracle Application Express
  • Oracle Net Services
  • Oracle Secure Enterprise Search or Ultrasearch
  • Oracle Spatial
  • Query Optimizer

2 of these vulnerabilities are located in APEX and 2 of these 17 are remote exploitable (APEX?).

Tonight Oracle secalert will normally inform the researchers what vulnerabilities will be fixed by the upcoming CPU. It seems that some of our critical vulnerabilities (e.g. Bypass Oracle auditing in all databases) will be fixed next week.

More about the CPU next tuesday night or at HITB 2008 Dubai.  Cesar Cerrudo and I will be there.

Posted in Oracle Security, Security | No Comments »

Sentrigo released a survey saying that 67% of the DBAs never apply Oracle CPUs

Montag, Januar 14th, 2008

Today Sentrigo published a press release saying that in a survey 67% of the attendees never apply Oracle Critical Patch Updates on their system.

Posted in Oracle Security, Security, Sentrigo | No Comments »

SANS Top-20 2007 Security Risks (2007 Annual Update)

Mittwoch, November 28th, 2007

Sans updated their Top-20 list of security risks.

One section covers Oracle and Database Software. Since September 2006 there are 18 new CVE vulnerabilities with a CVSS base score of 7 or higher.

CVE-2006-5332, CVE-2006-5333, CVE-2006-5334, CVE-2006-5335, CVE-2006-5336, CVE-2006-5339, CVE-2006-5340, CVE-2006-5341, CVE-2006-5342, CVE-2006-5343, CVE-2006-5344, CVE-2006-5345, CVE-2006-7138, CVE-2007-0272, CVE-2007-1442, CVE-2007-2113, CVE-2007-2118, CVE-2007-5506.

Some of the most critical vulnerabilities in Oracle databases like the view / inline-view bug or the bypass logon trigger are not covered in the SANS list.

BTW.: Microsoft SQL Server has only 1 vulnerability: CVE-2007-4814

Posted in Oracle Security, Security | 2 Comments »

Running Inguma PL/SQL Fuzzer against 10.2.0.3 with October 2007 CPU

Montag, Oktober 22nd, 2007

Today I modified the Inguma PL/SQL Fuzzer a little bit (adding my own enhancements) and run it against 10.2.0.3 with Oracle Critical Patch Update (CPU) October 2007 applied. After running it for a while (without a database crash) Oracle reported the following errors messages in trace files:

—–
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kghuclientasp+118] [PC:0x603D67AE] [ADDR:0x9253768] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kxsdcbc+205] [PC:0x8A7911] [ADDR:0x18] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_kxsdcbc+123] [PC:0x8A78BF] [ADDR:0x18] [UNABLE_TO_READ] []
ORA-07445: exception encountered: core dump [ACCESS_VIOLATION] [_qmuhshget_internal+228] [PC:0x605738A8] [ADDR:0x6474636B] [UNABLE_TO_READ] []
ORA-00600: internal error code, arguments: [kohcpi298], [], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [KGHALO2], [0x0], [], [], [], [], [], []
ORA-00600: internal error code, arguments: [qmsVarrayElemtds:pd or extra tmx], [], [], [], [], [], [], []
oracle.jdbc.driver.OracleSQLException: ORA-00933: SQL command not properly ended
oracle.jdbc.driver.OracleSQLException: ORA-01742: comment not terminated properly
oracle.jdbc.driver.OracleSQLException: ORA-01756: quoted string not properly terminated
——-

Some of the error messages are indication (just indication) for SQL Injection and buffer overflows. I will investigate…

Posted in Oracle Security, Security | No Comments »

« Older Entries
Newer Entries »