|
ASAP Update: AppDetectivePro Update 5.3.3 - 05 November 2007
ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:
Product: AppDetectivePro
Oracle
- Password cases sensitivity not enabled
Examines if password case-sensitivity is enabled or not.
Risk: Low
- Accounts with case-insensitive passwords imported from older versions
Examines if there are accounts with case-insensitive passwords imported from 10g and before.
Risk: Low
- Database full version banner not suppressed
Examines if the database banner is set to display full version information or not.
Risk: Informational
- Protocol errors further action
Examines if the database is configured with appropriate setting when protocol error happens.
Risk: Informational
- Protocol errors trace action
Examines if the database is configured with appropriate trace setting when protocol error happens.
Risk: Informational
Microsoft SQL Server
- Local Privilege Escalation Using Named Pipes
Examines the possibility of privilege escalation for SQL Server, due to an error within old Windows [API] versions.
Risk: Medium
- SQL Server Provile bug
Examines if the database is vulnerable to the profiler bug.
Risk: Low
IBM DB2
- JDBC Applet Server Unspecified code execution vulnerability
Examines if the database is vulnerable to boundary condition attacks.
Risk: High
- DB2 Multiple Local and Remote Vulnerabilities
Examines if the database is vulnerable to multiple race condition attacks and buffer overflows.
Risk: Medium
- UPDATED! Latest fixpak not applied
Examines if the database is patched to the latest fixpak
Risk: High
System Auditing
- New system setting to track all application events performed
Extended Platform Support
- Added support for Oracle 11g
|
