Appears dangerous code exploiting Oracle error

This proven malicious code is now available via the Full-disclose email list with the content of the message as

A hidden hacker has just launched a malicious code to exploit the recent security vulnerability.

Picture 1 of Appears dangerous code exploiting Oracle error

Oracle Group Chairman - Larry Ellison

This proven malicious code is now available via the Full-disclose email list with the ' Trick or treat Larry ' content. Obviously, this letter is intended for the executive chairman of Oracle Corporation Larry Ellison.

Security experts have taken a portion of this malicious code for testing purposes and have confirmed that this code is really capable of breaking into the Oracle database with the default account and password.

Alexander Kornbrust, one of the founders and chief executive officer of Red-Database-Security , said that the publication of this dangerous code is really a wake-up call and warns that this code could be change to cause more serious consequences. ' This version of the code is not dangerous, but anyone can use the frame as this code and then modify it to cause more damage .'

Kornbrust, who is a well-known expert with Oracle database security studies, has also conducted research on analyzing this code himself and confirmed that this code uses the default username and password to break into. Attack while the administrator has to sit and watch but it is difficult to react. This code uses UTL_TCP to send control commands to each IP address within the network address range if the database system IP feature is enabled. If a database is found, this code will issue a personal database link and try to connect to it using the default username and password. However, according to Kornbrust, this dangerous code is still not 'perfect' without being able to replicate itself.

" From my experience, most customers still use the default password. Users only change passwords in some databases. But also at least 60% of users. User has never changed the default password. '

" If someone incorporates a Windows worm with a worm that attacks Oracle, the consequences can be unpredictable. Windows Worms can spread quickly and will help spread Oracle worms ."

Kornbrust recommends that Oracle users or administrators should take the following actions:

- Change the default password in every database of the application. (test / development / education / production)
- Remove ' CREATE DATABASE LINK ' priority in CONNECT role ( from Oracle version 10g Rel.1 and above )
- Remove the public access level in the utl_tcp package.
- Remove public access level in utl_inaddr.
- Protect TNS with a password. In Oracle 10g, the operating system authentication feature is not always enabled and replaced with a password.
- Change the default TNS port from port 1521 to another port

Update 14 December 2018
« PREV
NEXT »
Category

Technology

Life

Discover science

Medicine - Health

Event

Entertainment