Application Security, Inc.

Security Updates - ASAP™ Updates
(Application Security Automatic Protection)

AppDetective™ Update 5.0.6 - 10 June 2005

ENHANCEMENTS

Oracle - NEW CHECKS

  • DBMS_SCHEDULER privilege escalation
    Examines if the database is vulnerable to DBMS_SCHEDULER privilege escalation
    Risk Level - Medium
  • Fine-grained auditing (FGA) bypass vulnerability
    Examines if the database is vulnerable to the fine-grained auditing (FGA) bypass issue
    Risk Level - Medium

MySQL - NEW CHECKS

  • CREATE FUNCTION arbitrary code execution
    Examines if the database is vulnerable to a CREATE FUNCTION arbitrary code execution attack
    Risk Level - High
  • Privilege Escalation Using GRANT With Underscore Characters
    Examines if the database is vulnerable to privilege escalation when using databases containing underscore characters
    Risk Level - Medium
  • Multiple DoS flaws prior to version 4.1.11
    Examines if the database is vulnerable to multiple denial of service attacks
    Risk Level - Medium
  • Multiple DoS flaws prior to version 4.1.10
    Examines if the database is vulnerable to multiple denial of service attacks
    Risk Level - Medium
  • Insecure Temporary File Creation Privilege Escalation
    Examines if the database is vulnerable to an insecure temporary file privilege escalation attack
    Risk Level - Medium
  • Privilege escalation in mysqlaccess script
    Examines if the database is susceptible to local privilege escalation in the mysqlaccess script
    Risk Level - Low
  • Improper Privilege Switching in MySQLd
    Examines if the database improperly decreases its privileges
    Risk Level - Low

Lotus Notes/Domino - NEW CHECKS

  • Time and date fields buffer overflow
    Examines if the server is vulnerable to a buffer overflow in certain time and date fields
    Risk Level - High
  • NRPC authentication format string vulnerability
    Examines if the server is vulnerable to a format string vulnerability during NRPC authentication
    Risk Level - High
  • SetHTTPHeader injection
    Examines if the server is vulnerable to SetHTTPHeader injection
    Risk Level - Medium

UPDATED CHECKS

  • Oracle
  • Sybase
  • IBM DB2 on Mainframe
  • Microsoft SQL Server - Updated "Latest service pack/hot fix not applied" to support Microsoft SQL Server 2000 SP4
