Category: Oracle

TeamSHATTER’s Analysis of the October 2013 Oracle CPU

Posted October 16, 2013 by Alex Rothacker in Database Security, Oracle, Team Shatter Exclusive with 0 comments

It’s the second Tuesday in October, so it is Oracle Critical Patch Update (CPU) time. The October 2013 CPU contains 127 fixes across Oracle’s Database, Fusion Middleware, Enterprise Manager, E-Business Suite, PeopleSoft, Siebel, Oracle and Sun Systems Product Suite, MySQL, Oracle Linux and Virtualization, and Oracle Java product lines. This is the first CPU to include Java fixes, and at 51 they make up a sizable portion of the CPU’s total fixes. 92 of the fixes in this CPU are…

TeamSHATTER’s Analysis of the July 2013 Oracle CPU

Posted July 17, 2013 by Alex Rothacker in Database Security, Oracle, Team Shatter Exclusive with 0 comments

It is Oracle Critical Patch Update (CPU) time, so lace up your patching gloves. The July 2013 CPU contains 89 fixes across Oracle’s Database, Fusion Middleware, Hyperion, Enterprise Manager, E-Business Suite, Supply Chain, PeopleSoft, iLearning, Industry Applications Product Suite, Oracle and Sun Systems Product Suite, MySQL and Oracle Linux and Virtualization product lines. 45 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities….

What Every Database Administrator Should Know About Security

[The following is excerpted from "What Every Database Administrator Should Know About Security," a new report posted this week on Dark Reading's Database Security Tech Center.] To say that there is friction between security professionals and database administrators (DBAs) is putting it mildly. Database administrators are both the caretakers of database platforms and the managers of data. Very seldom are they also security experts. In many enterprises, the DBA and the security team find themselves at odds because the DBA is…

Latest DBMS Security Patch Levels – Updated

TeamSHATTER keeps you up to date with the latest DBMS Security Patch levels to ensure you are protected with the latest security fixes. Last updated 3/21/2013

Oracle

Edition | Latest Patch | Release Date | Comments
Database 11g R2, Database 11g R1, Database 10g R2 | Critical Patch Update January 2013 | January 15th 2013 |
Database 10gR1 | Critical Patch Update January 2012 | January 17th 2012 | Out of support. This was the final patch for 10gR1.
Database 9i | Critical Patch Update July 2010…

Oracle Database 11g stealth password cracking vulnerability in logon protocol (CVE-2012-3137)

Posted February 20, 2013 by TeamSHATTER Admin in Database Security, Database Vendor, Oracle, Security Advisory, Team Shatter Exclusive with 0 comments

The vulnerability I will describe in this blog post is especially noteworthy because the issue lies in a critical portion of the authentication protocol. It can be exploited stealthily and go undetected, because all the attacker needs is information that the server sends freely as part of a normal authentication process. In addition, the vulnerability is so intimately part of the authentication protocol that it couldn’t…

TeamSHATTER’s Analysis Of The January 2013 Oracle CPU

Posted January 17, 2013 by Alex Rothacker in Database Security, Oracle with 0 comments

It’s Oracle Critical Patch Update (CPU) Tuesday, so lace up your patching gloves and let’s get started. The January 2013 CPU contains 86 fixes across Oracle’s Database, Access Manager/Webgate, GoldenGate Veridata, Outside In, WebLogic, Application Performance Management, Enterprise Manager, E-Business Suite, Agile PLM Framework, PeopleSoft, JD Edwards EnterpriseOne Tools, Siebel CRM, Sun Product Suite, VirtualBox and MySQL product lines. 45 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words,…

Oracle Security Alert for CVE-2012-3132

Posted August 13, 2012 by Alex Rothacker in Oracle, Team Shatter Exclusive with 0 comments

Here’s an update on the Oracle vulnerability we discussed last week. On Friday, Oracle issued a Security Alert to address the vulnerability. For those of you who didn’t read the post last week, read the overview section below to get up to speed. Everyone else can skip down to the Who Is Vulnerable section. At the 2012 Black Hat Conference in Las Vegas, David Litchfield released the details of yet another unpatched Oracle vulnerability.  Litchfield’s presentation was an examination of…

Oracle Customers Need To Move Quickly To Patch High-Risk Vulnerabilities

Posted July 18, 2012 by TeamSHATTER Admin in Data Breach, Database Security, Oracle with 0 comments

Security experts are urging Oracle customers to move quickly on deploying the quarterly Critical Patch Update (CPU) released by the company yesterday, as the updates include fixes for a number of very high-risk vulnerabilities within Oracle’s Fusion Middleware and database product portfolios. Overall, the CPU included 87 patches across its product lines. Chief among the concerns is a CVSS level 10 vulnerability in JRockit and several database vulnerabilities that could leave users open to denial-of-service (DoS) attacks. Click for…

TeamSHATTER’s Analysis of the July 2012 Oracle CPU

Posted July 17, 2012 by Alex Rothacker in Database Security, Oracle, Team Shatter Exclusive with 0 comments

It’s Oracle Critical Patch Update (CPU) Tuesday, so lace up your patching gloves. The July 2012 CPU contains 87 fixes across Oracle’s Database, Application Express, Secure Backup, Fusion Middleware, Hyperion, Enterprise Manager, E-Business Suite, Supply Chain, PeopleSoft, Siebel Health Sciences, Sun and MySQL product lines. 43 of the fixes in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities. Two products have fixes for vulnerabilities that…

Who’s To Blame For Oracle Database Security Woes? Look In The Mirror

Posted May 8, 2012 by Tim Whitman in Data Breach, Database Security, Oracle with 0 comments

Since it was first disclosed, I’ve been talking to lots of folks about the Oracle “TNS poison” vulnerability that’s out there. Mostly, the talk has been focused on understanding the risks and implementing appropriate workarounds. But there seems to almost always come a time in the conversation when someone asks, “How can this be?” It’s stunning to consider that Oracle sat on this issue for so long. It’s a critical vulnerability that fully compromises any Oracle database. It’s easy to…
