Slashdot Mirror


Oracle 'Worm' Exploit Modified

answers writes "Two months after an anonymous researcher released the first public example of an Oracle database worm, the exploit code has been advanced and republished, adding new techniques to attack databases. From the article: "It's still very theoretical right now, but I don't think any DBA should be underestimating the risk," said Alexander Kornbrust, CEO of Red-Database-Security GmbH. "If you're running a large company with hundreds of valuable databases, a worm can be very destructive. It is very possible to use this code to release a worm. I can do this right now if I wanted to.""

  1. firewalls? by mtenhagen · · Score: 5, Insightful

    How many Oracle DBs are connected directly to the internet? Even within most companies there isn't a direct connection option to the DB but only through an application.

    Of course this is an exploit but the impact shouldn't be overrated.

    1. Re:firewalls? by legirons · · Score: 2, Insightful

      "How many Oracle DBs are connected directly to the internet?"

      Shouldn't that be "how many Oracle DBs are connected directly to computers which might get infected with a virus"?

      e.g. plenty of firewalled LANs got CodeRed, Sasser, etc. (including that nuclear power station which nobody thought was internet-connected)

  2. Backup Data? by Artie+Dent · · Score: 5, Insightful

    It seems that any "valuable database" would be sufficiently backed up in non-attackable media. So while it probably could create a lot of hassle, I'd have a hard time seeing this worm bringing down companies.

    1. Re:Backup Data? by KiloByte · · Score: 4, Insightful

      You're assuming that they are run by competent people -- and this is a thoroughly false assumption.

      If I combine everyone from my company and all companies we cooperate with, I can name only two people who consider backups to be anything but an annoying waste of time some pessimists are blabbing about in order to suck in some of their money.
      Redundant hardware runs against the principle of cutting costs; no bean counter would even consider investing in data integrity.

      When I tell people that I installed a script that will back up the most valuable part of the data and dump them to a remote location, the reaction is like: uh, cool, but what if it breaks things?

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. The Realm of the Professional Cracker by mosel-saar-ruwer · · Score: 4, Insightful

    How many Oracle DBs are connected directly to the internet? Even within most companies there isn't a direct connection option to the DB but only through an application.

    Here you begin to enter the realm of the professional cracker [apologies to chef], my little padawan novitiate.

    The professional employs something like the WMF vulnerability to crack the client OS, and then uses the client application to crack the DB.

    And when he's seen what he needs to see, the professional tidies up and removes any evidence of his intrusion.

    In all seriousness, the PRC Red Army's "TITAN RAIN" operation is more than a little troubling in this regard:

    The Invasion of the Chinese Cyberspies
    (And the Man Who Tried to Stop Them)

    ...The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter's eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn't until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat...

    http://www.securityteam.us/article.php/20050829200849601/print

    http://it.slashdot.org/article.pl?sid=05/08/28/1745245

  4. Re:doesn't exploit a vulnerability by Anonymous Coward · · Score: 1, Insightful

    So which is more probable, from a 'cracker' or from "the DBA workstation through a Windows vulnerability, gain access to that local machine and use the Oracle worm as a payload to cause damage?"

    Since when does a Windows vulnerability (or other network security failure) qualify as a weakness in Oracle?

    If the System administrators don't do their job, you don't have a system anyway.

  5. My 2 Cents by Anonymous Coward · · Score: 1, Insightful

    SQL injection is a bigger issue against any DB.

    Regardless of the exploit taken, if the DB is properly configured and secured the only "loss" of data should be against the schema being attacked. And then you can use Oracle's Flashback technology to roll back that one transaction - if caught in time.

    True loss of data means the DBA did not do their job. Of course, this is usually, in my experience anyway, the fault of management and the business - budget/time/resources.