AppSec's TeamSHATTER Reports 50% of Database Vulnerabilities in January 2011 Oracle CPU

Unpatched databases vulnerable to complete database takeover
By: Application Security, Inc.
Jan. 19, 2011 - PRLog -- NEW YORK - Application Security, Inc. (AppSec), the leading provider of database security, risk and compliance solutions (SRC) for the enterprise, today announced that TeamSHATTER researchers, Esteban Martinez Fayo and Martin Rakhmanov have been credited by Oracle for reporting three of the six database vulnerabilities in the January Oracle Critical Patch Update (CPU).

The latest CPU contains 66 security vulnerability fixes across multiple Oracle products, six of which are specific to the Oracle database. Out of the six Oracle database server vulnerabilities, one has been assigned a CVSS (Common Vulnerability Scoring System) score of 10 out of 10 – representing the highest possible risk. The second vulnerability was assigned a score of 7.5 out of 10 representing significant risk. In addition, two of the database vulnerabilities may be remotely exploitable without authentication.

AppSec supports every Oracle CPU by updating its market-leading solutions, AppDetectivePro for auditors and IT advisors and DbProtect for the enterprise with the appropriate scanning checks and monitoring filters through its monthly ASAP Update™ (Application Security Automatic Protection) process. DbProtect updates will include monitoring filters for the new security vulnerabilities, enabling customers to protect sensitive information during the deployment of new patches across their database infrastructure.

AppSec’s TeamSHATTER has been providing its customers and database vendors with the most up-to-date database vulnerability information to ensure the security of information stored in databases.

In this CPU, Esteban Martinez Fayo of TeamSHATTER was credited for reporting two database vulnerabilities: CVE-2010-4420 and CVE-2010-4421, both in the ‘Database Vault’ component, an Oracle security add-on. In addition, Martin Rakhmanov identified the vulnerability CVE-2010-4423, which is in the ‘Cluster Verify Utility’ component and only affects Oracle on Microsoft Windows. This vulnerability allows for complete takeover of the database server and host during installation, setup modification or upgrade of Oracle.

“Three of the vulnerabilities in this CPU are directly related to Oracle Database Vault and Oracle Audit Vault,” said Alex Rothacker, Director of Security for AppSec’s TeamSHATTER. “These services are supposed to enhance security. It is very disconcerting that rather than reducing risk, these three vulnerabilities actually introduce significant risk, and in one case allows for a remote, full, and unauthenticated takeover of the system.”

TeamSHATTER’s researchers have been credited for reporting vulnerabilities in 14 out of the last 15 quarters. The TeamSHATTER vulnerability knowledgebase is the largest and most up-to-date offering of its kind. By identifying and remediating critical database vulnerabilities TeamSHATTER ensures that AppSec customers’ data is safe from internal and external threats.

AppSec’s TeamSHATTER has identified the following vulnerabilities as high risk:

•   CVE-2010-4449: a full CVSS 10 vulnerability (complete takeover of the database and host) in Audit Vault
•   CVE-2010-3600: This vulnerability allows full unauthenticated compromise of the database server, but not the host. This vulnerability should be ranked at a CVSS 10, but Oracle has used its partial+ rating to only give it a 7.5

According to TeamSHATTER’s Alex Rothacker, “Although CVE-2010-3600 is rated by Oracle with a CVSS score of 7.5, this vulnerability is more severe than the score suggests, since it allows for complete takeover of the database management system (DBMS). In certain cases the CVSS ratings for vulnerabilities do not adequately reflect the threat to critical databases. TeamSHATTER suggests that this vulnerability should be scored as a CVSS version 10.”

About TeamSHATTER
AppSec’s TeamSHATTER (Security Heuristics of Application Testing Technology for Enterprise Research) has pioneered vulnerability assessment and prevention. The team understands how to make security an integral part of an enterprise’s database security and network management infrastructure. TeamSHATTER’s ongoing mission is to focus on researching and providing easy-to-use, high-quality, and effective security solutions.

# # #

About Application Security, Inc.
AppSec is the leading provider of database security, risk and compliance (SRC) solutions for the enterprise. AppSec’s agentless approach - AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise - delivers the industry’s most scalable database SRC solution and is in use around the world in the most demanding environments by over 2,000 customers. The company was named to Inc. Magazine’s 2007 (Inc. 500) and 2008 list of America’s Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.

For more information, please visit www.appsecinc.com | www.teamshatter.com
For a free database vulnerability assessment visit
http://info.appsecinc.com/AppDEval.html?ldt=Eval&ls=Web%2...

Follow us on Twitter: www.twitter.com/appsecinc | www.twitter.com/teamshatter