November 14th, 2007

Hacker finds 492,000 unprotected Oracle, SQL database servers

Posted by Ryan Naraine @ 8:14 am

Categories: Botnets, Browsers, Data theft, Exploit code, Hackers, Microsoft, Oracle, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Database, Oracle Corp., Database Server, Microsoft SQL Server, Server, SQL, Hacker, Databases, Servers, Enterprise Software

A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.

Litchfield (right), co-founder of Next Generation Security Software, ran port scans against 1,160,000 random IP addresses — TCP port 1433 (SQL Server) and 1521 (Oracle) — and found about 368,000 Microsoft SQL Servers directly accessible on the Internet and around 124,000 unprotected Oracle database servers.
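The survey counted hosts answering on TCP 1433 and 1521 from the outside; the defender's version of that check is to audit the perimeter ruleset before anyone else does. The following is an added example, not code from the article or from NGS Software: a small first-match firewall evaluator that reports allow rules which genuinely let non-internal sources reach a database port, skipping rules shadowed by an earlier deny. The `Rule` type, the ruleset and the RFC 1918 allowlist are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The two ports the survey scanned: SQL Server's default listener and Oracle's TNS listener.
DB_PORTS = {1433: "Microsoft SQL Server", 1521: "Oracle TNS listener"}

# RFC 1918 ranges; an allow rule scoped to these is not Internet exposure.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR the rule matches
    dport: Optional[int]   # destination TCP port, None means any port


# Constructed sample ruleset (hypothetical, not from the article). First match wins,
# and traffic that matches nothing is denied.
SAMPLE_RULES = [
    Rule("allow", "10.0.0.0/8", 1433),        # SQL Server for the internal network: fine
    Rule("allow", "0.0.0.0/0", 1433),         # the classic mistake: SQL Server open to the world
    Rule("allow", "203.0.113.0/24", 1521),    # Oracle for one partner range: scoped, worth a review
    Rule("deny", "0.0.0.0/0", 1521),
    Rule("allow", "0.0.0.0/0", 1521),         # shadowed by the deny above, so not an exposure
    Rule("deny", "0.0.0.0/0", None),
]


def first_match(rules, src_ip, dport):
    """Return the first rule matching (src_ip, dport), or None for the implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule.src) and rule.dport in (None, dport):
            return rule
    return None


def reachable(rules, src_ip, dport):
    """True if a TCP connection from src_ip to dport would be allowed."""
    match = first_match(rules, src_ip, dport)
    return match is not None and match.action == "allow"


def exposed_db_rules(rules):
    """List allow rules that actually let non-internal sources reach a database port.

    Each candidate is checked by evaluating the whole ruleset for a probe address
    inside its source range, so an allow shadowed by an earlier deny is not reported.
    """
    findings = []
    for rule in rules:
        if rule.action != "allow" or rule.dport not in DB_PORTS:
            continue
        net = ipaddress.ip_network(rule.src)
        if any(net.subnet_of(internal) for internal in INTERNAL_NETS):
            continue
        probe = net[1] if net.num_addresses > 1 else net[0]
        if not reachable(rules, str(probe), rule.dport):
            continue  # shadowed by an earlier deny
        findings.append({
            "port": rule.dport,
            "service": DB_PORTS[rule.dport],
            "src": rule.src,
            # prefix length 0 means every address on the Internet matches the rule
            "scope": "internet" if net.prefixlen == 0 else "scoped",
        })
    return findings


if __name__ == "__main__":
    for f in exposed_db_rules(SAMPLE_RULES):
        print(f"{f['service']} (tcp/{f['port']}) reachable from {f['src']} [{f['scope']}]")
```

Grepping a ruleset for `allow ... 1433` over-reports (shadowed rules) and under-reports (a permissive rule with an unexpected source); evaluating the ruleset the way the firewall does avoids both, and the `scope` field separates the world-open rule from a deliberately scoped partner rule.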

“Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005,” Litchfield warned.

Of the SQL Servers found, more than 80% were running SQL Server 2000 and of those, only 46% were running Service Pack 4, the most recent, and the remainder were running Service Pack 3a or less. “Indeed, 4% were found to be completely unpatched and are vulnerable to the flaw exploited by the Slammer worm as well as an authentication flaw known as the ‘Hello bug’,” Litchfield added.
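The service-pack breakdown above comes from version numbers, and the same triage can be run over an internal inventory of `SELECT @@VERSION` output. The following is an added example, not the survey's tooling: it maps SQL Server 2000 build numbers to service packs using the known base builds (RTM 8.00.194, SP1 384, SP2 532, SP3/SP3a 760, SP4 2039) and flags anything below the SP3 base, since the fixes for the Slammer bug (MS02-039) and the "Hello" bug (MS02-056) both ship in SP3. The host names and version strings are constructed. A build between the SP2 and SP3 bases may carry an individual hotfix for either bug, so treat the flag as a triage signal to confirm on the host rather than proof of exposure.

```python
import re
from collections import Counter

# SQL Server 2000 reports version 8.00.<build>. Service-pack base builds (known values):
# RTM 194, SP1 384, SP2 532, SP3/SP3a 760, SP4 2039. Post-SP hotfixes raise the build
# further, so a build at or above a base build is classified at that service pack.
SQL2000_SERVICE_PACKS = [(2039, "SP4"), (760, "SP3/SP3a"), (532, "SP2"), (384, "SP1"), (194, "RTM")]

# MS02-039 (the bug Slammer exploited) and MS02-056 (the "Hello" bug) are both in SP3,
# so a build below the SP3 base that was never individually hotfixed carries both.
SP3_BASE_BUILD = 760

# Matches the start of @@VERSION output, e.g. "Microsoft SQL Server  2000 - 8.00.2039 (Intel X86)".
VERSION_RE = re.compile(r"Microsoft SQL Server\s+(\d{4})\s*-\s*(\d+)\.(\d+)\.(\d+)")


def classify(version_string):
    """Map one @@VERSION string to product year, build and (for SQL 2000) service pack."""
    m = VERSION_RE.search(version_string)
    if not m:
        return None
    product, major, build = m.group(1), int(m.group(2)), int(m.group(4))
    if major != 8:
        # Not SQL Server 2000; the 8.00.x build table does not apply.
        return {"product": product, "build": build, "sp": None, "below_sp3": False}
    sp = next((name for base, name in SQL2000_SERVICE_PACKS if build >= base), "pre-release")
    return {"product": product, "build": build, "sp": sp, "below_sp3": build < SP3_BASE_BUILD}


def summarize(inventory):
    """Aggregate {host: version_string} into the kind of figures the survey reports."""
    by_sp = Counter()
    below_sp3_hosts = []
    unparsed = []
    for host, version in inventory.items():
        info = classify(version)
        if info is None:
            unparsed.append(host)
            continue
        if info["sp"] is None:
            continue  # not SQL Server 2000, outside this triage
        by_sp[info["sp"]] += 1
        if info["below_sp3"]:
            below_sp3_hosts.append(host)
    total = sum(by_sp.values())
    return {
        "sql2000": total,
        "by_sp": dict(by_sp),
        "below_sp3": sorted(below_sp3_hosts),
        "below_sp3_pct": round(100 * len(below_sp3_hosts) / total, 1) if total else 0.0,
        "unparsed": unparsed,
    }


# Constructed inventory (hypothetical hosts and strings, not survey data).
SAMPLE_INVENTORY = {
    "db01": "Microsoft SQL Server  2000 - 8.00.2039 (Intel X86)",
    "db02": "Microsoft SQL Server  2000 - 8.00.760 (Intel X86)",
    "db03": "Microsoft SQL Server  2000 - 8.00.194 (Intel X86)",
    "db04": "Microsoft SQL Server  2000 - 8.00.384 (Intel X86)",
    "db05": "Microsoft SQL Server 2005 - 9.00.3042.00 (Intel X86)",
    "db06": "some other banner this script does not parse",
}

if __name__ == "__main__":
    print(summarize(SAMPLE_INVENTORY))
```

Note the contrast with the Oracle case the article goes on to describe: for SQL Server the build number moves with every service pack and hotfix, so it is a usable patch-level signal; where a version string does not change with patching, this kind of inventory triage tells you nothing and you have to check the patch history on the host itself.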

Of the unprotected Oracle servers, Litchfield found that 13 were running de-supported versions of Oracle that no longer receive patches and are known to be vulnerable to critical vulnerabilities.

“In other words those that can be exploited by an attacker without a username and password and gain full control of the target. Given that it’s not possible to tell whether an Oracle server has been patched or not by looking at its version number it’s difficult to draw accurate conclusions about the state of vulnerability with regards to the other servers,” he added.

“These findings represent a significant risk: whilst it’s not possible to say how many of these systems are engaged in a commercial function, with just under half a million servers accessible there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information,” he warned.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


RE: Hacker finds 492,000 unprotected Oracle, SQL database servers
I wouldn't be surprised since I do same thing here. I have an "unprotected" Oracle DB in the DMZ in which researchers around the world have access to but not write capabilities to our research data. O... (Read the rest)
Posted by: phatkat, 07/29/08