  1. #1
    Join Date
    Nov 2002
    Location
    Desk, slightly south of keyboard
    Posts
    697

    Unanswered: Proof of concept Oracle worm

    Please don't email me directly with questions. I've probably just got home from the pub and cannot guarantee the sanity of my answers. In fact, I can't believe I actually made it home.

  2. #2
    Join Date
    Jan 2004
    Location
    Croatia, Europe
    Posts
    4,094
    Provided Answers: 4
    ... the worm uses several default username and password combinations to attempt to log onto the remote database.
    Is there any serious DBA who leaves default passwords for critical usernames (such as SYS and SYSTEM)? If so, he deserves data corruption.

    Even if this worm connects as SCOTT/TIGER (or similar accounts), I guess that possible damage is minimal as Scott's privileges are really restricted (unless they aren't, of course). Truncating scott.emp table isn't something that a hacker should be proud of.

    Perhaps I'm too optimistic regarding such threats ... what do you think about it? But please, don't ruin my weekend - leave bad news for next Monday.

  3. #3
    Join Date
    Nov 2002
    Location
    Desk, slightly south of keyboard
    Posts
    697
    Hi Littlefoot,

    Even getting a connection as scott/tiger could well be catastrophic.

    Imagine an on login trigger (is an "on instance start" trigger possible for scott?), which calls a function which calls itself. You would firstly bring the instance to its knees pretty quickly and secondly make the instance virtually irrecoverable.

    Bear in mind it is only proof of concept stuff though.

    Have a good weekend!

    Bill
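An audit a DBA could run to check the two points raised in this thread: which default-password accounts can still log on, and what a demo account such as SCOTT is actually allowed to do. This is an added example, not code from either poster. It assumes Oracle 11g or later (where the `DBA_USERS_WITH_DEFPWD` view exists) and a session with SELECT access to the `DBA_*` dictionary views.

```sql
-- Added audit example; SCOTT is used because it is the account the thread discusses.

-- 1. Accounts that still have a vendor default password AND can log on.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
WHERE  u.account_status = 'OPEN'
ORDER  BY d.username;

-- 2. What the "harmless" demo account can really do: direct system
--    privileges plus those inherited through directly granted roles
--    (one level of role nesting only).
SELECT 'DIRECT' AS granted_via, privilege
FROM   dba_sys_privs
WHERE  grantee = 'SCOTT'
UNION ALL
SELECT 'ROLE ' || r.granted_role, s.privilege
FROM   dba_role_privs r
JOIN   dba_sys_privs s ON s.grantee = r.granted_role
WHERE  r.grantee = 'SCOTT'
ORDER  BY 1, 2;

-- 3. Logon triggers owned by accounts other than SYS/SYSTEM.
--    Each row should be a trigger the DBA team knows about.
SELECT owner, trigger_name, base_object_type, status
FROM   dba_triggers
WHERE  triggering_event LIKE '%LOGON%'
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, trigger_name;

-- 4. Remediation for an unused demo account found in step 1.
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
```

A privilege such as CREATE TRIGGER or CREATE PROCEDURE in the step 2 output means the account is not as restricted as it looks.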
