Penetration Testing mailing list archives

Re: Siebel Vulnerabilities


From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Tue, 02 Aug 2005 12:33:56 +0200

Scott Roberts wrote:

Anyone have any insight into PenTesting/VulnAssessments on any
version of Siebel? Searching many of the web's vulnerability
databases (NTBugtraq, CVE, SecurityFocus) turns up nothing at all on any
product. It cannot be that simple. I know it's built on a DB backend (which can obviously be attacked) and a potentially vulnerable OS, but
I've been asked to look solely at Siebel itself. Any help would
be greatly appreciated.

Don't take vulnerability databases as the holy grail. There are _many_ products out there whose vulnerabilities do not get press attention or coverage in vulnerability databases. Almost any complex software system (such as Tibco, Tivoli or HP OpenView) has a number of security issues. However, few people are going to have the opportunity to properly audit those, as only a few corporations run them and the people auditing them are typically under NDA agreements. Unless those who audit produce a flashy whitepaper ('Security in XXXX') you will never find their security issues. Of course, some vendors do have a clue and produce proper security guides for top-notch products that might be usable as an audit checklist reference. However, these guides might not be publicly available either.

Trust security vulnerability databases and sources for the common stuff (i.e. widespread applications such as web servers or operating systems); don't trust them to be accurate when dealing with uncommon stuff only Fortune 100 companies use.

Just my 2c

Javier
