Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Oracle - Multiple Vulnerabilities/ XP SP2 Forum / VNC Brute Force / Web Hacking

Published: 2004-09-01
Last Updated: 2004-09-01 23:19:56 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Oracle - Multiple Vulnerabilities

US-CERT released today an advisory about multiple vulnerabilities in Oracle products.
Some interesting excerpts are:


"Several vulnerabilities exist in the Oracle Database Server,
Application Server, and Enterprise Manager software. The most serious
vulnerabilities could allow a remote attacker to execute arbitrary
code on an affected system. Oracle's Collaboration Suite and
E-Business Suite 11i contain the vulnerable software and are affected
as well."

and

"There are no workarounds that fully address the security vulnerabilities
that are the subject of this alert. Oracle strongly recommends that customers
apply the available patches without delay. Please see
http://otn.oracle.com/deploy/security/pdf/oracle_severity_ratings.pdf for
a definition of severity ratings."


Once again, TIME TO PATCH!


References: http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
http://www.us-cert.gov/cas/techalerts/TA04-245A.html

Another XP SP2 forum


Besides the ISC forum for users experiences (http://isc.sans.org/xpsp2.php), we received another good source of information for XP users regarding SP2. It is hosted by a hardware vendor, but I am sure that you can find some good information about problems with XP2.


Reference: http://forums.us.dell.com/supportforums/board?board.id=sw_svcpacks



VNC brute force


We got a report today about brute force scanning on VNC. This is the first one in some time. If you noticed similar activity in your VNC server, please let us know.



Web hacking

From time to time we receive a report about a web defacement or hacking through a web application. In general, someone discover a vulnerable script and uses a search engine to find sites that uses this vulnerable script. And, as you know, people dont usually care to patch their systems, imagine the web application (i.e. a forum). Please remember that not only the services (Web Servers, Mail Servers...) and Operating Systems (Kernel Patch,Service Pack...), but also your web application, (forums, bbs, shopping...) need patching.

Last year I wrote this small paper about that. If it is still worthwhile, take a look: http://isc.sans.org/webexploit.pdf (Some versions of pdf readers doesnt show the letters, so you may have to upgrade.)


--------------------------------------------------------------

Olympic Games Final Status: Brazil 4 gold/3 silver/3 bronze

Handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org)
Keywords:
0 comment(s)
Diary Archives