Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Information Security News: Database flaws more risky than thought

Database flaws more risky than thought

From: InfoSec News <isn_at_c4i.org>
Date: Fri, 24 Dec 2004 02:16:44 -0600 (CST)

http://news.com.com/Database+flaws+more+risky+than+thought/2100-1002_3-5502538.html

By Robert Lemos
Staff Writer, CNET News.com
December 23, 2004

Details of multiple security flaws in Oracle and IBM databases have
been released by the security company that found them.

The flaws, which were described in general terms in August and
September by Next-Generation Security Software, could allow an
attacker to remotely compromise servers running the database programs.
Security company Symantec raised its Internet threat rating of the
flaws to 2 from 1, based on the details released on Thursday.

NGSSoftware gave users of the databases more than three months to fix
their systems when it announced its discovery of the flaws. Oracle has
already released patches for the 10 vulnerabilities affecting its 9i
database, and IBM has issued fixes for two flaws in DB2 versions 7 and
8.1.

"Some of these are more serious than others," said David Litchfield, a
security researcher and co-founder of U.K.-based NGSSoftware. "Most of
these vulnerabilities can be exploited remotely."

The advisories can be found on NGSSoftware's Web site.

_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
Received on Dec 24 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]