Database Security - Service Update History

The FortiGuard Global Threat Research Team releases regularly security content to cover multiple database security issues:

'New' lists the newly added database security coverage.
'Enhanced' lists the updated database securities where new vectors have been uncovered.

For more information, vistit FortiGuard Center at www.fortiguard.com .

2.018

( Released date: 23-Jul-2010 )

New ( 8 )

Oracle - OSVA ORCL 01.35 Remove all permissions on $ORACLE_HOME/bin/oracleO ( Major )
Oracle - OSVA ORCL 01.36 Restrict File Permissions On extjob ( Major )
Oracle - OSVA ORCL 01.37 Restrict File Permissions On lsnrctl ( Major )
Oracle - OSVA ORCL 01.38 Restrict File Permissions On tnslsnr ( Major )
Oracle - OSVA ORCL 01.39 Remove All Permissions On lsnrctl0 ( Major )
Oracle - OSVA ORCL 01.40 Restrict All Permissions On tnslsnr0 ( Major )
Oracle - OSVA ORCL 01.41 Restrict File Permissions On rdbms/log ( Major )
Oracle - OSVA ORCL 01.42 Restrict File Permissions On rdbms/audit ( Major )

Enhanced ( 7 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
Oracle - OSVA ORCL 01.30 Restrict File Permissions On LISTENER.ORA ( Major )
Oracle - OSVA ORCL 01.31 Restrict File Permissions On TNSNAMES.ORA ( Major )
Oracle - OSVA ORCL 01.32 Restrict File Permissions On SQLNET.ORA ( Major )
Oracle - OSVA ORCL 01.33 Restrict File Permissions On ORAPWSID FILE ( Major )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

2.017

( Released date: 07-May-2010 )

Enhanced ( 3 )

Oracle - DVA ORCL 01.18 Oracle Latest Patch Not Applied for Oracle 9 ( Critical )
Oracle - DVA ORCL 01.34 Oracle Latest Patch Not Applied for Oracle 10 ( Critical )
Oracle - DVA ORCL 01.35 Oracle Latest Patch Not Applied for Oracle 11 ( Critical )

2.016

( Released date: 26-Mar-2010 )

Enhanced ( 2 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )

2.015

( Released date: 26-Feb-2010 )

Enhanced ( 2 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )

2.014

( Released date: 22-Jan-2010 )

Enhanced ( 3 )

Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9 ( Critical )
Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 ( Critical )
Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 ( Critical )

2.013

( Released date: 08-Jan-2010 )

Enhanced ( 1 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )

2.012

( Released date: 18-Dec-2009 )

Enhanced ( 3 )

MSSQL - DVA MSSQL 01.08 Revoke SELECT Permissions from PUBLIC ( Informational )
MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

2.011

( Released date: 23-Nov-2009 )

Enhanced ( 4 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9 ( Critical )
Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 ( Critical )
Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 ( Critical )

2.009

( Released date: 11-Sep-2009 )

Enhanced ( 2 )

MYSQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

2.008

( Released date: 07-Aug-2009 )

Enhanced ( 5 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MYSQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied for Oracle 9 ( Critical )
Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 ( Critical )
Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 ( Critical )

2.007

( Released date: 17-Jul-2009 )

Enhanced ( 1 )

MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )

2.006

( Released date: 26-Jun-2009 )

New ( 7 )

Oracle - DVA ORCL 01.36 Password Grace Time ( Cautionary )
Oracle - DVA ORCL 01.37 Accounts With Only CREATE SESSION Privileges ( Informational )
Oracle - OSVA ORCL 01.30 Restrict File Permissions On LISTENER.ORA ( Major )
Oracle - OSVA ORCL 01.31 Restrict File Permissions On TNSNAMES.ORA ( Major )
Oracle - OSVA ORCL 01.32 Restrict File Permissions On SQLNET.ORA ( Major )
Oracle - OSVA ORCL 01.33 Restrict File Permissions On ORAPWSID FILE ( Major )
Oracle - OSVA ORCL 01.34 Restrict File Permissions on SNMP_RO.ORA and SNMP_RW.ORA configuration files ( Major )

Enhanced ( 12 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
MySQL - DVA MYSQL 04.03 Non-root accounts have Process privilege ( Major )
MySQL - DVA MYSQL 04.05 Non-root accounts have Super privilege ( Major )
Oracle - DVA ORCL 05.53 MAX_ENABLED_ROLES Setting ( Critical )
Oracle - DVA ORCL 05.54 Prevent the use of a listener on a remote machine ( Critical )
Oracle - DVA ORCL 05.55 Default Service name or SID ORCL ( Major )
Oracle - OSVA ORCL 01.01 Oracle Critical Patch ( Informational )
Oracle - OSVA ORCL 01.11 Report Operating system information ( Informational )
Oracle - OSVA ORCL 01.28 Clients are allowed to access the database ( Informational )
Oracle - OSVA ORCL 01.29 Clients are not allowed to access the database ( Informational )

2.005

( Released date: 05-Jun-2009 )

New ( 6 )

Oracle - DVA ORCL 05.55 Default Service name or SID ORCL ( Major )
Oracle - OSVA ORCL 01.25 Oracle listener network restrictions ( Major )
Oracle - OSVA ORCL 01.26 Oracle connection timeout parameter ( Major )
Oracle - OSVA ORCL 01.27 Oracle SQLNET.EXPIRE_TIME parameter ( Major )
Oracle - OSVA ORCL 01.28 Clients are allowed to access to the database ( Informational )
Oracle - OSVA ORCL 01.29 Clients are disallowed to access to the datase ( Informational )

Enhanced ( 2 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
Oracle - OSVA ORCL 01.24 Inbound connect timeout ( Major )

2.004

( Released date: 15-May-2009 )

New ( 5 )

Oracle - DVA ORCL 05.53 MAX_ENABLED_ROLES Setting ( Critical )
Oracle - DVA ORCL 05.54 Prevent the use of a listener on a remote machine ( Critical )
Oracle - OSVA ORCL 01.22 Use IP addresses rather than hostnames ( Major )
Oracle - OSVA ORCL 01.23 Turn listener logging on ( Major )
Oracle - OSVA ORCL 01.24 Inbound connect timeout ( Major )

Enhanced ( 3 )

MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MySQL - DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

2.003

( Released date: 24-Apr-2009 )

New ( 5 )

MSSQL - DVA MYSQL 04.05 Non-root accounts have SUPER ( Major )
Oracle - DVA ORCL 01.34 Latest Oracle Patch not Applied for Oracle 10 ( Critical )
Oracle - DVA ORCL 01.35 Latest Oracle Patch not Applied for Oracle 11 ( Critical )
Oracle - DVA ORCL 06.43 Audit all DBA Activity for Oracle 10 ( Critical )
Oracle - DVA ORCL 06.44 Audit all DBA Activity for Oracle 11 ( Critical )

Enhanced ( 6 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MSSQL - DVA MYSQL 04.03 Non-root accounts have PROCESS or SUPER privilege ( Major )
Oracle - DVA ORCL 01.18 Latest Oracle Patch not Applied ( Critical )
Oracle - DVA ORCL 06.05 Audit all DBA Activity ( Critical )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

2.002

( Released date: 03-Apr-2009 )

New ( 5 )

DCS MYSQL 03.16 Processes ( Informational )
DVA MYSQL 01.03 Anonymous accounts. ( Critical )
DVA MYSQL 04.02 Non-root accounts have privileges on mysql.user table ( Critical )
DVA MYSQL 04.03 Non-root accounts have PROCESS or SUPER privilege ( Major )
DVA MYSQL 04.04 Non-root accounts have File privilege ( Major )

Enhanced ( 4 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
DVA MYSQL 02.01 MySQL Latest Patch Not Applied ( Critical )
DVA ORCL 01.30 Change OS Authentication Prefix ( Cautionary )
DVA ORCL 06.01 Database Auditing Enabled ( Critical )

2.001

( Released date: 13-Mar-2009 )

Enhanced ( 3 )

DB2 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
Sybase - DVA Sybase 02.08 Apply Latest EBF From Sybase ( Critical )

1.304

( Released date: 03-Feb-2009 )

New ( 3 )

ORACLE - DVA ORCL 05.51 PASSWORD_LOCK_TIME less than the value of default setting ( Cautionary )
ORACLE - DVA ORCL 05.52 Audit CREATE SESSION privilege ( Cautionary )
ORACLE - OSVA ORCL 01.21 Oracle Listener is configured with SSL encryption ( Major )

Enhanced ( 9 )

DB2 v8, DB2 v9 - DCS IBM DB2 UDB 01.11 Current Version ( Informational )
DB2 v8, DB2 v9 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )
MSSQL - DVA MSSQL 02.14 List of sysadmin Fixed Server Roles ( Informational )
ORACLE - DVA ORCL 01.18 Latest Oracle Patch not Applied ( Critical )
ORACLE - OSVA ORCL 01.02 Oracle owner login check ( Critical )
ORACLE - OSVA ORCL 01.03 Oracle dba group check ( Critical )
ORACLE - OSVA ORCL 01.08 OSVA ORCL 01.08 Oracle binaries that have setuid or setgid ( Major )
ORACLE - OSVA ORCL 01.12 Oracle External procedure process running ( Major )

1.303

( Released date: 04-Dec-2008 )

New ( 2 )

DB2 v8, DB2 v9 - DVA IBM DB2 UDB 05.24 Security Vulnerability due to unintended privileges when DBADM privileges are altered ( Critical )
MSSQL - DVA MSSQL 05.51 Vulnerabilities in GDI+ Could Allow Remote Code Execution ( Critical )

Enhanced ( 2 )

DB2 v8, DB2 v9 - DVA IBM DB2 UDB 02.11 Latest Fixpak not installed ( Critical )
MSSQL - DVA MSSQL 01.09 Latest MSSQL Patch not Applied ( Critical )