Rule Category

SERVER-ORACLE -- Snort has detected traffic exploiting vulnerabilities in Oracle Database Server.

Alert Message

SERVER-ORACLE sys.all_users access

Rule Explanation

This event is generated when a command is issued to an Oracle database server that may result in a serious compromise of the data stored on that system.

Impact: Serious. An attacker may have gained superuser access to the system.

Details: This event is generated when an attacker issues a special command to an Oracle database that may result in a serious compromise of all data stored on that system. Such commands may be used to gain access to a system with the privileges of an administrator, delete data, add data, add users, delete users, return sensitive information or gain intelligence on the server software for further system compromise. This connection can either be a legitimate telnet connection or the result of spawning a remote shell as a consequence of a successful network exploit.

Oracle servers running on a Windows platform may listen on any arbitrary port. Change the $ORACLE_PORTS variable in snort.conf to "any" if this is applicable to the protected network.

Ease of Attack: Simple.

What To Look For

No information provided

Known Usage

No public information

False Positives

Known false positives, with the described conditions

This event may be generated by a database administrator logging in and issuing database commands from a location outside the protected network.

Contributors

Original Rule Writer Unknown
Cisco Talos
Nigel Houghton

Rule Groups

No rule groups

CVE

None

Rule Vulnerability

No information provided

CVE Additional Information

None