Palo Alto, CA. February 20, 2003 – The CERT Coordination Center yesterday released an advisory regarding a number of critical vulnerabilities in Oracle software that may lead to the execution of arbitrary code; the ability to read, modify, or delete information stored in underlying Oracle databases; or denial of service.

The spread of the SQL Slammer worm last month has made the case for database security products. Slammer was the second widespread database worm, after Spida, another Microsoft SQL Server worm that hit thousands of databases across the world in May 2002. Digital attacks, including worms and viruses, caused more than $8 billion in damages worldwide in January 2003, with the Slammer worm alone costing about $1 billion, according to a report by U.K.-based security company mi2g Ltd.

The recent Oracle flaws include four critical buffer overflows in various components of Oracle’s database server software, including its latest Oracle 9i Release 2. Two additional vulnerabilities could be exploited through other Oracle components to cause a denial of service.

The same company that uncovered the Slammer vulnerability has uncovered these new Oracle vulnerabilities as well. “Although the risk of a new, fast-propagating and destructive database worm very much exists, the real threat that enterprises should be worried about is a targeted attack on their databases that uses these newly uncovered vulnerabilities,” according to Shlomo Kramer, WebCohort co-founder and CEO and co-founder of network security vendor Check Point Software. “These attacks could be easily executed by external attackers or even internal users waiting for an opportunity to copy the entire information stored in corporate databases.”

WebCohort SecureSphere™ detects and blocks all the recently uncovered Oracle vulnerabilities, as well as many other database-specific vulnerabilities. WebCohort SecureSphere's advanced anomaly detection mechanisms monitor both HTTP and SQL traffic for abnormal behavior and can easily detect sophisticated and potentially destructive intrusion attempts. WebCohort SecureSphere 1.2 is the first non-invasive application and database security solution. It uses transparent network sensors with no in-line point of failure or performance bottleneck, as opposed to host agents and proxy gateway solutions.

CERT advisory: http://www.cert.org/advisories/CA-2003-05.html

About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com.

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net