
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2008-04-13 InfoSec Handlers Diary Blog



Deja-Vu - database attack vector development

Published: 2008-04-13
Last Updated: 2008-04-13 08:05:06 UTC
by Patrick Nolan (Version: 1)

Over on the McAfee Avert Labs Blog, analysts Shinsuke Honjo and Geok Meng Ong have posted additional analysis of the Fribet trojan. The trojan "loads the “SQL Native Client” ODBC library, and is designed to receive arbitrary SQL statements from a command and control server. In turn, the ODBC library provides the functionality to Fribet to bind SQL connections and run arbitrary SQL commands from the victim machine(s)". A bit later they note "The attacker still needs to find out the information required to connect the database such as DSN, hostname, database name, User and Password, however, that information can be collected via other monitoring functions".

All your databases accessed by database support are theirs ( ; ^ ( 
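A defensive check that follows from the behaviour quoted above, as an added example (not code from this diary or from the McAfee analysis): flag any process outside an allowlist that loads the SQL Native Client ODBC library. The Sysmon-style image-load records, the `sqlncli*.dll` file-name pattern, and the allowlist paths are assumptions, and the sample events are constructed.

```python
import ntpath
import re

# Assumption: SQL Native Client ships as sqlncli.dll, with later releases
# adding a numeric suffix (e.g. sqlncli10.dll). Adjust for your own drivers.
ODBC_DLL = re.compile(r"^sqlncli\d*\.dll$", re.IGNORECASE)

# Hypothetical allowlist: full image paths that are expected to use ODBC.
ALLOWED_IMAGES = {
    r"c:\program files\microsoft sql server\90\tools\binn\sqlcmd.exe",
    r"c:\apps\billing\billing.exe",
}

def suspicious_odbc_loads(events, allowed=ALLOWED_IMAGES):
    """Return image-load events in which a non-allowlisted process loaded
    the SQL Native Client library. The full lower-cased image path is
    compared, so a look-alike file name in another directory is not trusted."""
    hits = []
    for ev in events:
        loaded = ev.get("ImageLoaded", "")
        image = ev.get("Image", "")
        if not ODBC_DLL.match(ntpath.basename(loaded)):
            continue  # not the ODBC library this check is about
        if image.lower() in allowed:
            continue  # expected database client
        hits.append(ev)
    return hits

# Constructed sample events (field names modelled on Sysmon image-load records).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft SQL Server\90\Tools\Binn\SQLCMD.EXE",
     "ImageLoaded": r"C:\Windows\System32\sqlncli.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\svch0st.exe",
     "ImageLoaded": r"C:\Windows\System32\sqlncli.dll"},
    {"Image": r"C:\Users\Public\billing.exe",
     "ImageLoaded": r"C:\Windows\System32\SQLNCLI10.DLL"},
    {"Image": r"C:\Apps\Billing\billing.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for hit in suspicious_odbc_loads(SAMPLE_EVENTS):
        print("unexpected ODBC load:", hit["Image"], "->", hit["ImageLoaded"])
```
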

 


Oracle April Patch Advance Information Posted

Published: 2008-04-13
Last Updated: 2008-04-13 00:18:14 UTC
by Patrick Nolan (Version: 1)

Oracle has posted its advance information for its Critical Patch Update for April 2008, to be released on Tuesday, April 15, 2008.

"The highest CVSS 2.0 base score of vulnerabilities across all products is 6.6 for servers and 9.3 for Application Server clients".

Oracle Critical Patch Update Pre-Release Announcement - April 2008
