Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Oracle worm raises security fears

Oracle worm raises security fears

by Nikola Strahija on November 4th, 2005 The Oracle Voyager worm targets Oracle databases with default user accounts and passwords and was posted on a full disclosure list on Monday, 31. October.


Even though the worm’s not that threatening, security researchers fear the code might be used as a template to develop future malware.

The worm uses a net connection package (called UTL_TCP) to scan for Oracle databases on the local network. Once it finds another database, the SID is retrieved and the worm uses several default username and password combinations to attempt to log onto the remote database. The proof-of-concept worm is harmless but possible follow-up code may not be so chivalry.

-In its current state, the worm isn't a terribly significant threat. However, is can be treated as an early warning sign for future variants of the worm that include additional propagation methods, SANS Institute's Internet Storm Centre, an organisation which tracks net-based threats, posted.

The scope of the potential threat remains unclear. Security experts nonetheless urge Oracle system administrators to take precautions to shore up security defence. US-CERT, offers the following advice: change default user credentials for Oracle installations, change the default port for the TNS listener, restrict Oracle network access to trusted hosts only and revoke CREATE DATABASE LINK privileges from the CONNECT role.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »