Penetration Testing
mailing list archives
Re: Siebel Vulnerabilities
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Tue, 02 Aug 2005 12:33:56 +0200
Scott Roberts wrote:
> Anyone have any insight into PenTesting/VulnAssessments on any
> version of Siebel? On searching many of the web's vulnerability
> databases (NTBugtraq, CVE, SecurityFocus) have nothing at all on any
> product. It cannot be that simple. I know it's built on a DB backend
> (which can obviously be attacked) and a potentially vulnerable OS, but
> I've been asked to look solely at the Siebel itself. Any help would
> be greatly appreciated.

Don't take vulnerability databases as the holy grail. There are
_many_ products out there whose vulnerabilities do not get press
attention or coverage in vulnerability databases. Almost any complex
software system (such as Tibco, Tivoli or HP Openview) does have a
number of security issues. However, few people are going to have the
opportunity to properly audit those as only a few corporations run them
and people auditing them are typically under NDA agreements. Unless
those that audit produce a flashy whitepaper ('Security in XXXX') you
will never find their security issues. Of course, some vendors do have
a clue and produce proper security guides for top-notch products that
might be usable as an audit checklist reference. However, these guides
might not be publicly available either.
Trust security vulnerability databases and sources for the common
stuff (i.e. wide-spread applications such as web servers or operating
systems), don't trust them to be accurate when dealing with uncommon
stuff only Fortune 100 companies use.
Just my 2c
Javier