Category: IBM DB2

What Every Database Administrator Should Know About Security

[The following is excerpted from "What Every Database Administrator Should Know About Security," a new report posted this week on Dark Reading's Database Security Tech Center.] To say that there is friction between security professionals and database administrators (DBAs) is putting it mildly. Database administrators are both the caretakers of database platforms and the managers of data. Very seldom are they also security experts. In many enterprises, the DBA and the security team find themselves at odds because the DBA is…


Latest DBMS Security Patch Levels – Updated

TeamSHATTER keeps you up to date with the latest DBMS Security Patch levels to ensure you are protected with the latest security fixes. Last updated 3/21/2013

Oracle

Edition | Latest Patch | Release Date | Comments
Database 11g R2, Database 11g R1, Database 10g R2 | Critical Patch Update January 2013 | January 15th 2013 |
Database 10gR1 | Critical Patch Update January 2012 | January 17th 2012 | Out of support. This was the final patch for 10gR1.
Database 9i | Critical Patch Update July 2010…


Not Everything Is Bigger In Texas: A Recap Of TakeDownCon Dallas (Team Shatter Exclusive)

Posted May 31, 2011 by Alex Rothacker in Database Security, Database Vendor, IBM DB2, Oracle, Team Shatter Exclusive with 1 comment

I recently attended TakeDownCon Dallas. This is a new security conference run by the same crew that created HackerHalted. Their stated goal is to keep the level rather technical with top-notch speakers, but at the same time keep a smaller, more intimate setting. I have to say they did a great job reaching that goal. My colleague Josh Shaul and I had the privilege of opening with the first presentation of the event with The Anatomy of a Database Attack that featured some Oracle…


Check Your Database Configurations (Team Shatter Exclusive)

Today, there are a myriad of database configuration options – many of which are either direct security settings, or that impact security. When a new database is installed, DBAs need to address many configuration options to enhance database security. Let’s look at a few database configurations that should be followed. Database Management Systems (DBMS) are complex. In the infancy of the DBMS, there were only a handful of configuration options, leaving few choices for the DBAs in charge of them…


Check Your Database Configurations (Team Shatter Exclusive)

Once upon a time, Database Management Systems (DBMS) had only a handful of configuration options and they didn’t allow the DBA many choices. The options available were simple - naming the database instance or which storage location to use for the data files. Today, there are a myriad of configuration options – many related to performance and enhanced feature sets. There are also many options that are either direct security settings, or that impact security. Having the correct configuration settings could…


Remote DoS during CONNECT processing

Posted September 1, 2006 by egonzales in Database Security, Database Vendor, IBM DB2, Security Advisory, Topics with 0 comments

Sept 1, 2006

Risk Level: Medium

Affected versions: All versions of IBM DB2 Database Server

Credits: This vulnerability was discovered and researched by Vivek Rathod of Application Security, Inc.

Details: When connecting to a remote DB2 instance, the version 7 client typically sends a SQLJRA packet requesting start of the connection. If this SQLJRA packet is specially crafted, it can cause a DoS attack by crashing the DB2 instance. Altering a few bytes at specific…


Denial of Service Vulnerability in Discovery

Posted September 18, 2003 by egonzales in Database Security, Database Vendor, IBM DB2, Security Advisory, Topics with 0 comments

September 18, 2003

Risk level: Low

Summary: IBM DB2 provides a UDP service used as a discovery service for locating DB2 databases on the network. This UDP service shuts down when sent more than 20 bytes.

Details: IBM DB2 is a database that provides many services. One of these services is a discovery service. This is used to locate a service when configuring a connection. This service listens on UDP port 523. This service typically receives…
