The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability alert 7342

Oracle DB: access during installation

Summary of the vulnerability

An attacker can connect as SYS or SYSTEM during installation of the database.
Severity of this computer vulnerability: 1/4.
Creation date: 14/11/2007.
References for this announcement: BID-26425, VIGILANCE-VUL-7342.

Description of the vulnerability

During database installation, a default password is set for SYS and SYSTEM users. This password is then changed at the end of installation.

Depending on the installation method, there is a window of 20 seconds up to 2 minutes during which an attacker can log in to these accounts with their default password.

When the server is connected to the network during the installation, an attacker can therefore log in to the database.
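To check after the fact whether anything reached the database over the network during that window, the listener log can be filtered by time and peer address. The following is an added example, not part of the Vigil@nce bulletin or of any Oracle tooling; it assumes the classic text `listener.log` entry layout, and the function names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Assumed classic text listener.log layout (not taken from the advisory):
# TIMESTAMP * CONNECT_DATA * ADDRESS * EVENT * SERVICE * RETURN_CODE
ENTRY = re.compile(
    r"^(\d{2})-([A-Z]{3})-(\d{4}) (\d{2}):(\d{2}):(\d{2}) \* .*"
    r"\(ADDRESS=\(PROTOCOL=tcp\)\(HOST=(?P<host>[0-9A-Fa-f.:]+)\)\(PORT=\d+\)\)"
    r" \* establish \* (?P<service>\S+) \* (?P<rc>\d+)$"
)
MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), 1)}

def is_local(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable peer address: report it, do not hide it

def remote_connections_in_window(lines, start, end):
    """Connections handed off (return code 0) from non-loopback peers
    between start and end inclusive, as (timestamp, host, service)."""
    hits = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m or m["rc"] != "0" or m[2] not in MONTHS:
            continue  # not a successful, well-formed 'establish' entry
        day, mon, year, hh, mm, ss = m.group(1, 2, 3, 4, 5, 6)
        ts = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        if start <= ts <= end and not is_local(m["host"]):
            hits.append((ts, m["host"], m["service"]))
    return hits

# Constructed sample lines; 192.0.2.0/24 is a documentation address range.
SAMPLE_LOG = """\
14-NOV-2007 10:02:11 * (CONNECT_DATA=(SID=orcl)(CID=(PROGRAM=dbca)(HOST=dbhost)(USER=oracle))) * (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=32801)) * establish * orcl * 0
14-NOV-2007 10:03:40 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=ws17)(USER=jdoe))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.45)(PORT=49152)) * establish * orcl * 0
14-NOV-2007 10:04:05 * service_update * orcl * 0
14-NOV-2007 10:30:00 * (CONNECT_DATA=(SERVICE_NAME=orcl)(CID=(PROGRAM=sqlplus)(HOST=ws17)(USER=jdoe))) * (ADDRESS=(PROTOCOL=tcp)(HOST=192.0.2.45)(PORT=49153)) * establish * orcl * 0
"""

if __name__ == "__main__":
    start, end = datetime(2007, 11, 14, 10, 2, 0), datetime(2007, 11, 14, 10, 4, 0)
    for ts, host, service in remote_connections_in_window(SAMPLE_LOG.splitlines(), start, end):
        print(f"{ts} remote connection from {host} to service {service}")
```

A hit shows that the listener handed off a network connection during the window, not that a SYS or SYSTEM login succeeded, so each one is a lead to follow up in the database's own audit records.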

This computer threat alert impacts software or systems such as Oracle DB.

Our Vigil@nce team determined that the severity of this weakness is low.

The trust level is of type unique source, with an origin of intranet client.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this weakness.

Solutions for this threat

Oracle DB: workaround during the installation.
A workaround is to unplug the computer from the network during its installation.
