NMap 7 is out

Yesterday I read that there is a totally new release of nmap, the network mapping tool. I’ve blogged about Nmap before. Version 7 has attacks against Heartbleed, it has mature IPv6 support, faster scans on Windows and BSD systems. And it has 171 new scripts and 20 libraries (new since Nmap 6 though).

The release notes make mention of a script called oracle-brute-stealth script, which can exploit the CVE-2012-3137 vulnerability, a weakness in Oracle’s O5LOGIN authentication scheme in a lot of 11g versions (except when protocol 12 is required). This vulnerability has been fixed in the Critical Patch Update of October 2012.

I got all excited. But then I realized that oracle-brute-force actually exists in this form since 2012. I’m going to test this out anyway, because it’s an interesting way to gain access to unpatched Oracle 11g databases.

Advertisements

About Marcel-Jan Krijgsman

Ever since I started working with Oracle, I had an interest in Oracle database performance tuning. This led, eventually, to a four day training I made and gave for customers of Transfer Solutions. Since 2012 I work for Rabobank Nederland. A few years ago I also became interested in Oracle database security. All technology aside, it is my experience that security usually plays out on a political level. I'm a Oracle certified professional for the 8i, 9i, 10g and 11g databases and Oracle Database 11g Performance Tuning Certified Expert.
This entry was posted in Oracle security and tagged , , , , , . Bookmark the permalink.

One Response to NMap 7 is out

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s