NMap 7 is out

Yesterday I read that there is a totally new release of nmap, the network mapping tool. I’ve blogged about Nmap before. Version 7 has attacks against Heartbleed, it has mature IPv6 support, faster scans on Windows and BSD systems. And it has 171 new scripts and 20 libraries (new since Nmap 6 though).

The release notes make mention of a script called oracle-brute-stealth script, which can exploit the CVE-2012-3137 vulnerability, a weakness in Oracle’s O5LOGIN authentication scheme in a lot of 11g versions (except when protocol 12 is required). This vulnerability has been fixed in the Critical Patch Update of October 2012.

I got all excited. But then I realized that oracle-brute-force actually exists in this form since 2012. I’m going to test this out anyway, because it’s an interesting way to gain access to unpatched Oracle 11g databases.

Advertisements

About Marcel-Jan Krijgsman

Marcel-Jan is de PR-functionaris van de Werkgroep Maan en Planeten. Hij verzorgt ook het nieuws op de Facebook pagina en deze blog.
This entry was posted in Oracle security and tagged , , , , , . Bookmark the permalink.

One Response to NMap 7 is out

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s