
Pete Finnigan's Oracle security weblog


Oracle worm in the wild

November 1st, 2005 by Pete

Today Alex has made a post to my forum titled "Oracle voyager worm". This mentions a post to the full disclosure list titled "trick or treat Larry" that details PL/SQL code for an Oracle worm. Alex has also analysed the worm on his site in a document titled "Analysis Oracle voyager worm". This paper describes what the worm does.

Basically this worm uses UTL_TCP to send a command to the listener potentially on each IP address in the same net range as the IP the database is on. If it finds a database it creates a private database link and then tries to connect on that link using default users and passwords. It then creates a table called 'X' in the remote database. The code looks incomplete as the worm does not replicate itself. This could be changed. The poster is anonymous.

This is a worrying new event for anyone running insecure databases. Take simple precautions: revoke the execute privileges on UTL_TCP, change all default passwords, do not use 1521 for the listener, and disable local authentication on the 10g listener and instead use a strong password. Alex has detailed some of these and more on his site.
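The following audit queries are an added example, not part of the original post or of Alex's analysis. They check a database for the exposure and artefacts described above (UTL_TCP execute grants, private database links, a table named 'X') and apply the UTL_TCP revoke. They assume a DBA account with access to the standard DBA_ dictionary views; `app_owner` is a placeholder schema name.

```sql
-- Added example: audit queries for the exposures named in the post.
-- Run as a user with access to the DBA_ dictionary views.

-- 1. Who can execute UTL_TCP? A grant to PUBLIC lets any account open
--    outbound TCP connections from the database server.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  table_name = 'UTL_TCP'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 2. Which stored objects depend on UTL_TCP? Review these before revoking,
--    since code that relied on the PUBLIC grant will stop compiling.
SELECT owner, name, type
FROM   dba_dependencies
WHERE  referenced_name = 'UTL_TCP'
AND    referenced_type IN ('PACKAGE', 'SYNONYM')
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY owner, name;

-- 3. Private database links (owner is not PUBLIC), newest first.
--    Unexpected links to hosts in the local net range deserve a closer look.
SELECT owner, db_link, username, host, created
FROM   dba_db_links
WHERE  owner <> 'PUBLIC'
ORDER  BY created DESC;

-- 4. Tables named X, the artefact the post says the worm creates.
--    A legitimate application may also own a table with this name.
SELECT owner, object_name, created
FROM   dba_objects
WHERE  object_type = 'TABLE'
AND    object_name = 'X'
ORDER  BY created DESC;

-- 5. Mitigation from the post: remove the PUBLIC grant, then grant back
--    only to the schemas from step 2 that genuinely need the package.
REVOKE EXECUTE ON sys.utl_tcp FROM PUBLIC;
-- GRANT EXECUTE ON sys.utl_tcp TO app_owner;  -- app_owner is a placeholder
```

Run steps 1 to 4 before step 5 so the dependency list from step 2 is available when deciding which schemas get a direct grant.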


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
