Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Posted Jan 13, 2010

Where to find database vulnerabilities not yet fixed; Coming January 18 - February 1

By DatabaseJournal.com Staff

If you haven’t heard yet, a Russian security firm, Intevydis, has become so frustrated with the unresponsiveness of vendors that they have pledged to reveal details of undisclosed flaws in enterprise applications (including databases) they have discovered for the remainder of January. This started January 11th and currently has the two vulnerabilities posted on the Intevydis blog:
  • Jan. 11 - Sun Directory Server 7.0 core_get_proxyauth_dn DoS
  • Jan. 12 - Tivoli Directory Server 6.2 do_extendedOp DoS
So how do your applications and databases stack up in the mix? Here is the current schedule of exposures according to the Intevydis blog:
  • [January 11, January 17] – week of directory server bugs, 0days in Novell eDirectory, Sun Directory, Tivoli Directory..etc
  • [January 18 - January 24] – week of web server bugs, 0days in Zeus Web Server, Sun Web Server, Apache(?)..etc
  • [January 25 - February 1] – week of database bugs, inspired by our research for DBJIT Toolset, 0days in Mysql, IBM DB2, Lotus Domino, Informix, Oracle(?)…and hopefully more
It is nice to see that they have saved the databases until last. Maybe the vendors will respond between now and then to remedy the riff that has occurred and our databases will remain safe.
View Article

Daily News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.