|
DbProtect AppRadar Filters™ - 30 October 2006
Oracle Critical Patch Update - October 2006
Oracle released the October CPU that patches and explains known vulnerabilities located within an Oracle database. While providing a patch reduces overall security threats, Application Security, Inc. understands that when a patch is initially released, your threat risk actually increases. The window of highest risk begins with the release of the CPU and ends when your systems are patched.
DbProtect AppRadar, which provides continuous database activity monitoring, helps to manage and reduce this risk throughout the patch management life-cycle. Application Security, Inc. publishes DbProtect AppRadar Filters to specifically monitor the vulnerabilities related to the October CPU. These vulnerabilities are identified as:
- SQL Injection in ENABLE_HIERARCHY
- SQL Injection in DISABLE_HIERARCHY
- BoF in MDSYS.MD2
- SQL Injection in DBMS_CDC_IMPDP
- SQL Injection in DBMS_CDC_IPUBLISH
- SQL Injection in DBMS_CDC_ISUBSCRIBE.PREPARE_UNBOUNDED_VIEW
- SQL Injection in DBMS_CDC_ISUBSCRIBE.CREATE_SUBSCRIPTION
- SQL Injection in DBMS_CDC_ISUBSCRIBE.EXTEND_WINDOW_LIST
- SQL Injection in DBMS_SQLTUNE
- Bof in MDSYS.SDO_GEOM
- SQL Injection in MDSYS.SDO_GEOR_INT
- SQL Injection in MDSYS.SDO_LRS
- SQL Injection in XDB.XDB_PITRIG_PKG
- SQL Injection in XDB.DBMS_XDBZ.DISABLE_HIERARCHY
- SQL Injection in DBMS_CDC_ISUBSCRIBE.SUBSCRIBE
- Possible SQL Injection in MDSYS.SDO_TUNE
- Possible BoF in DBMS_SCHEDULER
- BoF in MDSYS.SDO_3GL
- SQL Injection and BoF MDSYS.SDO_CS
- BoF in MDSYS.SDO_GEOM
Downloading and Applying Filters in DbProtect AppRadar
Please adhere to the following instructions to import this file into DbProtect AppRadar:
(1) Import the Oracle July CPU focused monitoring Filters
(2) Add the Filters to the appropriate Policies
(3) and redeploy the Policies to the databases
More detailed directions instructions can be found here.
|
