Security Incidents mailing list archives
RE: Oracle 8i compromise questions
From: "Carolyn Jewel" <Carolyn.Jewel () LEGACYNET COM>
Date: Fri, 19 Aug 2005 14:12:28 -0700
<excerpt> -----Original Message----- From: Jack Donovan [mailto:jake.donovan () gmail com] Sent: Thursday August 18, 2005 1:00 PM To: incidents () securityfocus com Subject: Oracle 8i compromise questions Hello all, A client of mine reported a compromise of an outdated Oracle 8i (8.174) database server running on Windows 2000, </excerpt> SQL injection seems the most likely to me. The noted version is vulnerable to injection. Kind of hard to say, though, without knowing what applications are served by the db. Maybe you need to look at logs on app or web servers, too. Carolyn Jewel Database Administrator Enterprise Database Management Legacy Marketing Group 1.707.781.6010 ext 6881 ****This electronic mail message, and any attachments transmitted with it, contains confidential information, intended only for the named addressee(s). If you are not the intended recipient, or a person responsible for delivering this e-mail to the intended recipient, you are hereby notified that the use, distribution, copying, or disclosure of this communication is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by reply e-mail, and delete all copies of this communication from your computer and network. Thank you.*****
Current thread:
- Oracle 8i compromise questions Jack Donovan (Aug 19)
- Re: Oracle 8i compromise questions Joshua Wright (Aug 22)
- Re: Oracle 8i compromise questions Kevin Reardon (Aug 22)
- <Possible follow-ups>
- RE: Oracle 8i compromise questions Carolyn Jewel (Aug 22)