Oracle worm creates table 'x'
Published: 2005-11-02

An Oracle worm posted to the Full-disclosure mailing list on Monday may be harmless now, but with the source code available it may not stay that way.

The worm scans local subnets looking for other database servers, and then tries various common username and password combinations. If this succeeds, a table 'x' is placed on the server and the cycle is repeated. With the source code in the wild, it is trivial to change this table creation to something less benign.

Oracle has been criticized in the past for its lax response to security issues, and given the company’s prior slogan of being "Unbreakable", this worm shows the importance of acting swiftly on vulnerabilities before they become widespread problems.

A summary of the worm contains suggestions on protecting yourself, several of which are basic, such as changing default passwords. Although seemingly simple, these basic steps are often overlooked in the midst of patching, testing, and the plethora of other security-related duties. That's one 'whoops' many administrators won't want on their resume, however, so it is wise to double-check.


Posted by: Peter Laborge
Copyright 2009, SecurityFocus