In association with heise online

23 July 2009, 13:39

Metasploit tool attacks Oracle's vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Metasploit logo Chris Gates of the Metasploit hacker group will present a free tool for attacking Oracle databases at the Black Hat conference that begins in Las Vegas this Saturday. A video in which Gates demonstrates such attacks appeared in February.

In it he shows how first the protected SID (Oracle System ID) is determined, then a user name and password are established using a brute-force attack, and finally the privileges of that user are escalated to administrator level. The target is an Oracle database.

According to Oracle, the vulnerabilities then present that were exploited by the tool have now been fixed, but not all database administrators regularly update the product, even though patches are issued every three months.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit