Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "New Oracle Security Book, UKOUG and Finland"] [Next entry: "Two exploit versions of the ctxsys.drvxtabc.create_tables bug from Bunker"]

A new Russian Oracle Security Tool



I saw a post yesterday on my Oracle security forum by DSU titled "Oracle Security Tools (GUI)" that talks about a new Russian Oracle security tool written to test Oracle vulnerabilities. The tool is limited at the moment. The site that hosts the code is http://securetools.ru/en/index.php and the code can be downloaded from http://securetools.ru/tools/OraSecureTools.7z; beware that my virus scanner says the site could be malicious although I am unsure that this is actually true.

[update: cyber$snake has posted a comment below confirming that his download not malicious and there is a virus check link posted as well - the issue of genuine security tools being picked up by commercial virus scanners can be a problem that i have seen before; this is often because genuine tools get listed on sites that are the source for virus definitions]


DSU has written a quick summary of the new tool on his blog and also the site hosting it contains a lot of screen dumps of the tool in action. As DSU says its limited at the moment but development is in hand.

DSU has also got a nice blog about Oracle security written in Russian. Translating is easy with google to English although as always code and pictures are readable anyway in English. I have added DSU's blog to my oracle blogs aggregator so you can always get a link to new posts. For inastance today he has just posted an exploit for DBMS_SQLHASH.GETHASH written in Perl for instance.

There has been 2 Comments posted on this article


November 30th, 2009 at 04:51 pm

cyber$nake says:

Hi Pete!
I assure you for 100% that there is no any malicious code. The scan result is at www.virustotal.com (http://www.virustotal.com/de/analisis/1342676f1cc53794ca5dd4bd133ff3db3d1435f6114322e1e36a5a48271d5021-1256494267).
Blog Alexander Kornbrust: (http://blog.red-database-security.com/2009/11/13/new-russian-oracle-exploit-tool-oracle-security-tools/). If your antivirus reacted as to malicious code, it may have happened because a code of exploits and functions of attacks and penetrations is included into this tool.
Blog DSU: (http://dsu.com.ua/node/13?1192681543=1) - this my comments.



December 2nd, 2009 at 10:20 am

Pete says:

Thanks for your comment. I assumed that there was not an issue thats why i said "could be" but its good to get the clarification. i have added an update to the main post above.

cheers

Pete