msgbartop
News, views, tips and tricks on Oracle and other fun stuff
msgbarbottom

Advice regarding the so-called Oracle Voyager Worm

This morning when I was checking my work e-mail from home, I found this e-mail from “Oracle Global Product Security” in my in-box:

————–Start of e-mail———–

Dear Oracle customer,

Oracle Global Product Security has investigated the recent Internet publication of the so-called Oracle Voyager Worm that is designed to target Oracle databases. In its current form, the code is incomplete and poses no immediate threat to Oracle customers. The code does not expose or attempt to exploit an Oracle product security vulnerability. Instead, the code outlines an attack against Oracle database systems that have been configured insecurely.

Oracle considers adherence to industry standard security practices the best way for customers to protect their database systems. A MetaLink note is now available that outlines the minimum essential steps customers should take to mitigate future attempted attacks against their Oracle databases. Customers who already follow industry standard security best practices, including those who have hardened or locked down their database systems, may still benefit from reviewing the MetaLink note.

The MetaLink Doc ID is 340009.1:
http://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=340009.1

Additional references:
http://www.oracle.com/technology/deploy/security/db_security/index.html

http://www.oracle.com/technology/deploy/security/pdf/…

Sincerely,
Oracle Global Product Security

————–End of e-mail———–

Now, I’m off to the dentist…Ouch!


Filed in Oracle on 05 Nov 05 | Tags: ,


Comments are closed.