The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Oracle DB: access during installation

Summary of the vulnerability

An attacker can connect as SYS or SYSTEM during installation of the database.
Impacted software: Oracle DB.
Severity of this computer vulnerability: 1/4.
Creation date: 14/11/2007.
References of this announcement: BID-26425, VIGILANCE-VUL-7342.

Description of the vulnerability 

During database installation, a default password is set for the SYS and SYSTEM users. This password is then changed at the end of the installation.

Depending on the installation method, there is a window of 20 seconds up to 2 minutes during which an attacker can log in to these accounts with their default password.

When the server is connected to the network during the installation, an attacker can therefore log in to the database.

This computer threat alert impacts software or systems such as Oracle DB.

Our Vigil@nce team determined that the severity of this weakness is low.

The trust level is of type unique source, with an origin of intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this weakness.

Solutions for this threat 

Oracle DB: workaround during the installation.
A workaround is to unplug the computer from the network during its installation.
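When the host could not be isolated, the listener log can be checked afterwards for network sessions opened during the installation window described above. The following is an added example, not part of the original bulletin or of any Oracle tool; the log layout, the sample lines and the window timestamps are constructed assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample, assuming the usual listener.log layout:
# TIMESTAMP * (CONNECT_DATA=...) * (ADDRESS=...(HOST=ip)...) * establish * SERVICE * RC
SAMPLE_LOG = """\
14-NOV-2007 10:01:12 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=dbca)(HOST=dbhost)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=40112)) * establish * orcl * 0
14-NOV-2007 10:01:47 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=sqlplus)(HOST=ws17)(USER=jdoe))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.44)(PORT=51320)) * establish * orcl * 0
14-NOV-2007 10:02:05 * service_update * orcl * 0
14-NOV-2007 10:09:30 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=sqlplus)(HOST=ws17)(USER=jdoe))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.44)(PORT=51388)) * establish * orcl * 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* "
    r"(?P<connect>\(CONNECT_DATA=.*?\)) \* "
    r"\(ADDRESS=.*?\(HOST=(?P<host>[^)]+)\).*?\) \* establish \* "
    r"(?P<service>\S+) \* (?P<rc>\d+)$"
)

def remote_connects_in_window(log_text, start, end):
    """Return (timestamp, client, program) for non-loopback connects in [start, end]."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # status lines such as service_update carry no client address
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        if not (start <= ts <= end):
            continue
        try:
            local = ipaddress.ip_address(m["host"]).is_loopback
        except ValueError:
            local = False  # HOST is a name, not an IP: treat it as remote
        if not local:
            prog = re.search(r"\(PROGRAM=([^)]*)\)", m["connect"])
            hits.append((ts, m["host"], prog.group(1) if prog else ""))
    return hits

if __name__ == "__main__":
    # Hypothetical window; in practice take it from the installer's own log timestamps.
    start = datetime(2007, 11, 14, 10, 0, 0)
    end = datetime(2007, 11, 14, 10, 3, 0)
    for ts, ip, prog in remote_connects_in_window(SAMPLE_LOG, start, end):
        print(f"{ts} remote connect from {ip} ({prog}) during installation")
```

A hit shows only that a network session was established during the window, not which database account was used, so it is a trigger for reviewing the database's own audit records.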
