ASAP Update - 05 November 2007
ENHANCEMENTS IN THIS ASAP UPDATE INCLUDE:
Product: DbProtect Vulnerability Assessment Scan Engine (AppDetective)
Oracle
- Password case sensitivity not enabled
Examines whether password case sensitivity is enabled.
Risk: Low
- Accounts with case-insensitive passwords imported from older versions
Examines whether there are accounts with case-insensitive passwords imported from 10g and earlier.
Risk: Low
- Database full version banner not suppressed
Examines whether the database banner is set to display full version information.
Risk: Informational
- Protocol errors further action
Examines whether the database is configured with an appropriate setting for when a protocol error occurs.
Risk: Informational
- Protocol errors trace action
Examines whether the database is configured with an appropriate trace setting for when a protocol error occurs.
Risk: Informational
Microsoft SQL Server
- Local Privilege Escalation Using Named Pipes
Examines the possibility of privilege escalation for SQL Server due to an error within old Windows API versions.
Risk: Medium
- SQL Server Profiler bug
Examines whether the database is vulnerable to the profiler bug.
Risk: Low
IBM DB2
- JDBC Applet Server Unspecified code execution vulnerability
Examines whether the database is vulnerable to boundary condition attacks.
Risk: High
- DB2 Multiple Local and Remote Vulnerabilities
Examines whether the database is vulnerable to multiple race condition attacks and buffer overflows.
Risk: Medium
- UPDATED! Latest fixpak not applied
Examines whether the database is patched to the latest fixpak.
Risk: High