Shostack + Friends Blog Archive


Speaking Of Worms

Following up on Chris’s worm post, Red Database Security has an advisory on an Oracle worm.

On 31-october 2005 an anonymous poster ( released a proof-of-concept PL/SQL source code of an Oracle worm on the full disclosure mailing list. The worm is using the utl_tcp package to find other Oracle databases in the same subnet and uses private database links to connect to remote databases. The payload is harmless (creation of table called x in the remote database) but can be changed easily.

(Thanks, Arthur!)

One comment on "Speaking Of Worms"

Comments are closed.