Database Security - Service Update History

The FortiGuard Global Threat Research Team regularly releases security content to cover multiple database security issues:
  • 'New' lists the newly added database security coverage.
  • 'Enhanced' lists the updated database security coverage where new vectors have been uncovered.
For more information, visit FortiGuard Center at www.fortiguard.com.


2.015( Released date: 26-Feb-2010 )

Enhanced ( 2 )
  • DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  

2.014( Released date: 22-Jan-2010 )

Enhanced ( 3 )
  • Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9  ( Critical )  
  • Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10  ( Critical )  
  • Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11  ( Critical )  

2.013( Released date: 08-Jan-2010 )

Enhanced ( 1 )
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  

2.012( Released date: 18-Dec-2009 )

Enhanced ( 3 )
  • MSSQL - DVA MSSQL 01.08 Revoke SELECT Permissions from PUBLIC  ( Informational )  
  • MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase  ( Critical )  

2.011( Released date: 23-Nov-2009 )

Enhanced ( 4 )
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9  ( Critical )  
  • Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10  ( Critical )  
  • Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11  ( Critical )  

2.009( Released date: 11-Sep-2009 )

Enhanced ( 2 )
  • MYSQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase  ( Critical )  

2.008( Released date: 07-Aug-2009 )

Enhanced ( 5 )
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • MYSQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9  ( Critical )  
  • Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10  ( Critical )  
  • Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11  ( Critical )  

2.007( Released date: 17-Jul-2009 )

Enhanced ( 1 )
  • MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  

2.006( Released date: 26-Jun-2009 )

New ( 7 )
  • Oracle - DVA ORCL 01.36 Password Grace Time  ( Cautionary )  
  • Oracle - DVA ORCL 01.37 Accounts With Only CREATE SESSION Privileges  ( Informational )  
  • Oracle - OSVA ORCL 01.30 Restrict File Permissions On LISTENER.ORA  ( Major )  
  • Oracle - OSVA ORCL 01.31 Restrict File Permissions On TNSNAMES.ORA  ( Major )  
  • Oracle - OSVA ORCL 01.32 Restrict File Permissions On SQLNET.ORA  ( Major )  
  • Oracle - OSVA ORCL 01.33 Restrict File Permissions On ORAPWSID FILE  ( Major )  
  • Oracle - OSVA ORCL 01.34 Restrict File Permissions on SNMP_RO.ORA and SNMP_RW.ORA configuration files  ( Major )  
Enhanced ( 12 )
  • DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • MySQL - DVA MYSQL 04.03 Non-root accounts have Process privilege  ( Major )  
  • MySQL - DVA MYSQL 04.05 Non-root accounts have Super privilege  ( Major )  
  • Oracle - DVA ORCL 05.53 MAX_ENABLED_ROLES Setting  ( Critical )  
  • Oracle - DVA ORCL 05.54 Prevent the use of a listener on a remote machine  ( Critical )  
  • Oracle - DVA ORCL 05.55 Default Service name or SID ORCL  ( Major )  
  • Oracle - OSVA ORCL 01.01 Oracle Critical Patch  ( Informational )  
  • Oracle - OSVA ORCL 01.11 Report Operating system information  ( Informational )  
  • Oracle - OSVA ORCL 01.28 Clients are allowed to access the database  ( Informational )  
  • Oracle - OSVA ORCL 01.29 Clients are not allowed to access the database  ( Informational )  

2.005( Released date: 05-Jun-2009 )

New ( 6 )
  • Oracle - DVA ORCL 05.55 Default Service name or SID ORCL  ( Major )  
  • Oracle - OSVA ORCL 01.25 Oracle listener network restrictions  ( Major )  
  • Oracle - OSVA ORCL 01.26 Oracle connection timeout parameter  ( Major )  
  • Oracle - OSVA ORCL 01.27 Oracle SQLNET.EXPIRE_TIME parameter  ( Major )  
  • Oracle - OSVA ORCL 01.28 Clients are allowed to access to the database  ( Informational )  
  • Oracle - OSVA ORCL 01.29 Clients are disallowed to access to the database  ( Informational )  
Enhanced ( 2 )
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • Oracle - OSVA ORCL 01.24 Inbound connect timeout  ( Major )  

2.004( Released date: 15-May-2009 )

New ( 5 )
  • Oracle - DVA ORCL 05.53 MAX_ENABLED_ROLES Setting  ( Critical )  
  • Oracle - DVA ORCL 05.54 Prevent the use of a listener on a remote machine  ( Critical )  
  • Oracle - OSVA ORCL 01.22 Use IP addresses rather than hostnames  ( Major )  
  • Oracle - OSVA ORCL 01.23 Turn listener logging on  ( Major )  
  • Oracle - OSVA ORCL 01.24 Inbound connect timeout  ( Major )  
Enhanced ( 3 )
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase  ( Critical )  

2.003( Released date: 24-Apr-2009 )

New ( 5 )
  • MSSQL - DVA MYSQL 04.05 Non-root accounts have SUPER  ( Major )  
  • Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10  ( Critical )  
  • Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11  ( Critical )  
  • Oracle - DVA ORCL 06.43 Audit all DBA Activity for Oracle 10  ( Critical )  
  • Oracle - DVA ORCL 06.44 Audit all DBA Activity for Oracle 11  ( Critical )  
Enhanced ( 6 )
  • DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • MSSQL - DVA MYSQL 04.03 Non-root accounts have PROCESS or SUPER privilege  ( Major )  
  • Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied  ( Critical )  
  • Oracle - DVA ORCL 06.05 Audit all DBA Activity  ( Critical )  
  • Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase  ( Critical )  

2.002( Released date: 03-Apr-2009 )

New ( 5 )
  • DCS MYSQL 03.16 Processes  ( Informational )  
  • DVA MYSQL 01.03 Anonymous accounts.  ( Critical )  
  • DVA MYSQL 04.02 Non-root accounts have privileges on mysql.user table  ( Critical )  
  • DVA MYSQL 04.03 Non-root accounts have PROCESS or SUPER privilege  ( Major )  
  • DVA MYSQL 04.04 Non-root accounts have File privilege  ( Major )  
Enhanced ( 4 )
  • DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • DVA MYSQL 02.01 MySQL Latest Patch Not Applied  ( Critical )  
  • DVA ORCL 01.30 Change OS Authentication Prefix  ( Cautionary )  
  • DVA ORCL 06.01 Database Auditing Enabled  ( Critical )  

2.001( Released date: 13-Mar-2009 )

Enhanced ( 3 )
  • DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase  ( Critical )  

1.304( Released date: 03-Feb-2009 )

New ( 3 )
  • ORACLE - DVA ORCL 05.51 PASSWORD_LOCK_TIME less than the value of default setting  ( Cautionary )  
  • ORACLE - DVA ORCL 05.52 Audit CREATE SESSION privilege  ( Cautionary )  
  • ORACLE - OSVA ORCL 01.21 Oracle Listener is configured with SSL encryption  ( Major )  
Enhanced ( 9 )
  • DB2 v8, DB2 v9 - DCS IBM DB2 UDB 01.11 Current Version  ( Informational )  
  • DB2 v8, DB2 v9 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )  
  • MSSQL - DVA MSSQL 02.14 List of sysadmin Fixed Server Roles  ( Informational )  
  • ORACLE - DVA ORCL 01.18 Latest Oracle Patch not Applied  ( Critical )  
  • ORACLE - OSVA ORCL 01.02 Oracle owner login check  ( Critical )  
  • ORACLE - OSVA ORCL 01.03 Oracle dba group check  ( Critical )  
  • ORACLE - OSVA ORCL 01.08 Oracle binaries that have setuid or setgid  ( Major )  
  • ORACLE - OSVA ORCL 01.12 Oracle External procedure process running  ( Major )  

1.303( Released date: 04-Dec-2008 )

New ( 2 )
  • DB2 v8, DB2 v9 - DVA IBM DB2 UDB 05.24 Security Vulnerability due to unintended privileges when DBADM privileges are altered  ( Critical )  
  • MSSQL - DVA MSSQL 05.51 Vulnerabilities in GDI+ Could Allow Remote Code Execution  ( Critical )  
Enhanced ( 2 )
  • DB2 v8, DB2 v9 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed  ( Critical )  
  • MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied  ( Critical )