10 Database Security Threats Every IT Administrator Should Know
By Brian Prince - June 22, 2010

1. Default, Blank & Weak Username/Password
• Microsoft SQL Server Blank & Default Password
• Default Oracle Username and Password
• IBM DB2 Default Admin Password

2. SQL Injections
• SQL Injection Vulnerability in Oracle Database "SYS.DBMS_AQIN"
• SQL Injection Vulnerability in Oracle 10gR1 Database Using SYS.DBMS_STREAMS_AUTH
• SQL Injection in Oracle with ".ALTER_AUTOLOG_CHANGE_SOURCE" Function

3. Extensive User & Group Privileges
• BUILTIN\Administrator Member of SYSADMIN Fixed Server Role in MS SQL Server
• Privileged Role Assignment in MS SQL Server
• Oracle Account Root Privilege Escalation

4. Unnecessarily Enabled Database Features
• Microsoft SQL Server Permission Granted on xp_cmdshell
• Microsoft SQL Server xp_cmdshell Not Removed or Not Disabled
• Microsoft SQL Server OLEDB Ad Hoc Query Allowed

5. Broken Configuration Management
• Sybase Current Audit Table
• Oracle Configuration Manager Installed on a Production System
• Microsoft SQL Server PPS Configuration

6. Buffer Overflows
• SYS.OLAPIMPL_T.ODCITABLESTART Buffer Overflow in Oracle 9iR1 and 9iR2
• EXECUTE Privilege on DBMS_AQELM Can Lead to Buffer Overflow in Oracle DB
• IBM Lotus Domino IMAP CRAM-MD5 Buffer Overflow

7. Privilege Escalation
• SQL Injection in Oracle DBMS_AQIN Allows Users to Escalate Privilege
• SQL Injection in Oracle AQADM_SYS Allows Users to Escalate Privilege
• MySQL Privilege Escalation Through RENAME Statement

8. Denial of Service Attacks
• Oracle Denial of Service (DoS) in SYS.KUPF$FILE_INT
• MySQL Hello Packet Denial of Service (DoS)
• MySQL Authenticated User Denial of Service (DoS) via Federated Engine

9. Unpatched Databases
• Oracle Critical Patch Update (CPU)
• Latest Sybase Patch Not Applied
• MS SQL Server Service Pack and Hot Fix

10. Unencrypted Sensitive Data – at Rest and in Motion
• Oracle Network Encryption Required
• Domino Server Full Text Indexed Field in Encrypted Database
• Unencrypted Listener Password in Oracle