Oracle蠕虫再次变异
欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入 一个流行的安全邮件列表中公布了一个新近发现的具有更大破坏力的Oracle航海家蠕虫版本的变体。 这个蠕虫病毒的新变体具有对公共数据库用户账户的访问权限,但是目前仍然缺乏能够复制自身的机制,Ora
欢迎进入Oracle社区论坛,与200万技术人员互动交流 >>进入
一个流行的安全邮件列表中公布了一个新近发现的具有更大破坏力的Oracle航海家蠕虫版本的变体。这个蠕虫病毒的新变体具有对公共数据库用户账户的访问权限,但是目前仍然缺乏能够复制自身的机制,Oracle安全专家Pete Finnigan 在自己的博客中写道。
“这个新的Oracle航海家蠕虫变体是用PL/SQL编写的,并且利用了一些像我这样的人通常用来撤销公共账户访问权限的一些关键的内建的包,例如UTL_HTTP, UTL_TCP 和 UTL_SMTP,” Finnigan 说。“这是一个好的忠告,相信我!”
然而直到今天,还没有任何的Oracle用户被这种蠕虫攻击过,报告说。
航海家蠕虫的最初版本是在大概2个月前的一个完全揭露邮件列表中浮出水面的。专家们解释说,这种蠕虫使用UTL_TCP 包来扫描同一个网络中的远程数据库,然后登陆到其中的一个,检索SID和用户的几个常见的用户名和密码来尝试登陆。
位于美国马里兰州毕士达的SANS 因特网风暴中心建议我们按照以下步骤来阻止蠕虫病毒的入侵和在首次出现之后的更进一步的变异:
修改Oracle监听器的TCP/1521的默认端口(并且当你正在执行的时候,设置一个监听器密码)。
尽可能地删除或者锁定默认的用户帐号。确保所有的默认账户都没有使用默认的密码。
撤销UTL_TCP, UTL_INADDR 包的PUBLIC权限。
撤销分配给那些不需要链接到远程数据库的用户的CREATE DATABASE LINK 权限,包括CONNECT 的角色。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How long will Oracle database logs be kept?
May 10, 2024 am 03:27 AM
The retention period of Oracle database logs depends on the log type and configuration, including: Redo logs: determined by the maximum size configured with the "LOG_ARCHIVE_DEST" parameter. Archived redo logs: Determined by the maximum size configured by the "DB_RECOVERY_FILE_DEST_SIZE" parameter. Online redo logs: not archived, lost when the database is restarted, and the retention period is consistent with the instance running time. Audit log: Configured by the "AUDIT_TRAIL" parameter, retained for 30 days by default.
Function to calculate the number of days between two dates in oracle
May 08, 2024 pm 07:45 PM
The function in Oracle to calculate the number of days between two dates is DATEDIFF(). The specific usage is as follows: Specify the time interval unit: interval (such as day, month, year) Specify two date values: date1 and date2DATEDIFF(interval, date1, date2) Return the difference in days
The order of the oracle database startup steps is
May 10, 2024 am 01:48 AM
The Oracle database startup sequence is: 1. Check the preconditions; 2. Start the listener; 3. Start the database instance; 4. Wait for the database to open; 5. Connect to the database; 6. Verify the database status; 7. Enable the service (if necessary ); 8. Test the connection.
How to use interval in oracle
May 08, 2024 pm 07:54 PM
The INTERVAL data type in Oracle is used to represent time intervals. The syntax is INTERVAL <precision> <unit>. You can use addition, subtraction, multiplication and division operations to operate INTERVAL, which is suitable for scenarios such as storing time data and calculating date differences.
How to see the number of occurrences of a certain character in Oracle
May 09, 2024 pm 09:33 PM
To find the number of occurrences of a character in Oracle, perform the following steps: Get the total length of a string; Get the length of the substring in which a character occurs; Count the number of occurrences of a character by subtracting the substring length from the total length.
How much memory does oracle require?
May 10, 2024 am 04:12 AM
The amount of memory required by Oracle depends on database size, activity level, and required performance level: for storing data buffers, index buffers, executing SQL statements, and managing the data dictionary cache. The exact amount is affected by database size, activity level, and required performance level. Best practices include setting the appropriate SGA size, sizing SGA components, using AMM, and monitoring memory usage.
How to replace string in oracle
May 08, 2024 pm 07:24 PM
The method of replacing strings in Oracle is to use the REPLACE function. The syntax of this function is: REPLACE(string, search_string, replace_string). Usage steps: 1. Identify the substring to be replaced; 2. Determine the new string to replace the substring; 3. Use the REPLACE function to replace. Advanced usage includes: multiple replacements, case sensitivity, special character replacement, etc.
Oracle database server hardware configuration requirements
May 10, 2024 am 04:00 AM
Oracle database server hardware configuration requirements: Processor: multi-core, with a main frequency of at least 2.5 GHz. For large databases, 32 cores or more are recommended. Memory: At least 8GB for small databases, 16-64GB for medium sizes, up to 512GB or more for large databases or heavy workloads. Storage: SSD or NVMe disks, RAID arrays for redundancy and performance. Network: High-speed network (10GbE or higher), dedicated network card, low-latency network. Others: Stable power supply, redundant components, compatible operating system and software, heat dissipation and cooling system.
