Tuesday, November 01, 2005

Not just a fly, but also a Worm in the soup

An anonymous hacker just "published" an Oracle DB worm. The hacker published the code on the "Full-disclosure mailing list" with a subject line reading "Trick or treat, Larry."

Alexander Kornbrust, founder and CEO of Red-Database-Security, says, "this version of the worm is not dangerous but anyone can use this as a framework and inject a more malicious payload. At the moment, it just creates a table in the [remote] database if the attack is successful. But, it can be programmed to do much more than that. It's quite easy to replace this payload with a more dangerous payload."

In the interim, Kornbrust has a few protection recommendations for enterprise DB administrators:
  • Change your default passwords in every database (test/development/education/production)
  • Revoke the privilege "CREATE DATABASE LINK" from the (default) CONNECT role (up to Oracle 10g Rel. 1)
  • Revoke the public grant from the package utl_tcp if not needed.
  • Revoke the public grant from utl_inaddr if not needed.
  • Protect your TNS listener with a strong password. On Oracle 10g, always disable local OS authentication and use a strong password instead.
  • Change the TNS listener default port from 1521 to a different port.
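The database-side items in Kornbrust's list (default CONNECT privileges, PUBLIC grants on utl_tcp and utl_inaddr) can be audited and applied from SQL*Plus as a privileged user. The script below is an added example, not code from the article or from Red-Database-Security; it assumes the standard Oracle data-dictionary views DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_DB_LINKS, which are present on the 9i/10g releases the post concerns.

```sql
-- Added example: audit and remediate the CONNECT-role and PUBLIC-grant
-- recommendations above. Run as SYS or a DBA-role account.

-- 1. What can the (default) CONNECT role do? Up to 10g Release 1 it
--    includes CREATE DATABASE LINK, which is what lets a worm that has
--    guessed a default password reach out to other databases.
SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE grantee = 'CONNECT'
 ORDER BY privilege;

-- 2. Which network-capable packages are executable by every account?
SELECT table_name AS package_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'PUBLIC'
   AND table_name IN ('UTL_TCP', 'UTL_INADDR')
 ORDER BY table_name;

-- 3. Inventory existing database links; an unexpected link is one of the
--    few artefacts this class of worm leaves behind in the source database.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 ORDER BY created DESC;

-- 4. Remediation, per the recommendations. Test in a non-production
--    database first: applications that legitimately need these packages
--    should be granted EXECUTE directly instead of via PUBLIC.
REVOKE CREATE DATABASE LINK FROM CONNECT;
REVOKE EXECUTE ON UTL_TCP    FROM PUBLIC;
REVOKE EXECUTE ON UTL_INADDR FROM PUBLIC;

-- 5. Re-run steps 1 and 2; both queries should now return no rows for
--    CREATE DATABASE LINK and for the two packages.
```

The listener items are configured outside SQL: in listener.ora, set `LOCAL_OS_AUTHENTICATION_<listener_name> = OFF` so that a listener password is required even from the local host, set the password with `lsnrctl` (`change_password` followed by `save_config`), and move the listener off port 1521 by changing the `PORT` value in the listener's address entry. Note that changing the port only raises the cost of discovery; the password and privilege changes above are what actually stop the attack described in the post.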

Looks like worms like all brands of software, not just Microsoft's.
