
Category: Sybase ASE

Latest DBMS Security Patch Levels – Updated

TeamSHATTER keeps you up to date with the latest DBMS Security Patch levels to ensure you are protected with the latest security fixes.

Last updated 3/21/2013

Oracle

Edition | Latest Patch | Release Date | Comments
Database 11g R2, Database 11g R1, Database 10g R2 | Critical Patch Update January 2013 | January 15th 2013 |
Database 10gR1 | Critical Patch Update January 2012 | January 17th 2012 | Out of support. This was the final patch for 10gR1.
Database 9i | Critical Patch Update July 2010…


Advisory: Sybase Java Operating System command execution vulnerability (Team Shatter Exclusive)

Posted October 4, 2012 by Alex Rothacker in Sybase ASE, Team Shatter Exclusive with 0 comments

Risk Level: High
Affected versions: Sybase ASE 15.0, 15.5 and 15.7
Remote exploitable: Yes
Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security Inc.
Details: It is possible to execute Operating System commands using the Java call Runtime.getRuntime().exec().
Impact: Any low privileged database user can execute Operating System commands on the Sybase server host with the privilege of the Sybase server process. The attack requires that Java is installed and enabled on Sybase ASE.
Vendor…


Advisory: SQL Injection in Sybase ASE – Elevated roles through DBCC (Team Shatter Exclusive)

Posted October 4, 2012 by Alex Rothacker in Security Advisory, Sybase ASE, Team Shatter Exclusive with 0 comments

Risk Level: High
Affected versions: Sybase ASE 15.0, 15.5, 15.7
Remote exploitable: Yes
Credits: This vulnerability was discovered and researched by Martin Rakhmanov of Application Security Inc.
Details: Authenticated users can elevate privileges to any role via SQL injection in one of the DBCC commands.
Impact: Authenticated users can elevate privileges to any role.
Vendor Status: Vendor was contacted and a patch was released.
Workaround: None.
Fix: Sybase ASE 15.0: apply ESD#4.1. Sybase ASE 15.5: apply ESD#5.1. Sybase ASE 15.7:…


Check Your Database Configurations (Team Shatter Exclusive)

Once upon a time, Database Management Systems (DBMS) had only a handful of configuration options, and they didn’t allow the DBA many choices. The options available were simple, such as naming the database instance or choosing which storage location to use for the data files. Today, there are a myriad of configuration options, many related to performance and enhanced feature sets. There are also many options that are either direct security settings or that impact security. Having the correct configuration settings could…
