4. PLATFORM VULNERABILITIES
Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional services installed on a database server may lead to unauthorized access, data corruption, or denial of service.
6. PLATFORM VULNERABILITIES
Aliases: SQL Slammer, W32.SQLExp.Worm
Released: January 25, 2003, at about 5:30 a.m. (GMT)
Fastest worm in history
Spread world-wide in under 10 minutes
Doubled infections every 8.5 seconds
376 bytes long
8. PLATFORM VULNERABILITIES
Infected between 75,000 and 160,000 systems
Disabled SQL Server databases on infected machines
Saturated world networks with traffic
Disrupted Internet connectivity world-wide
9. PLATFORM VULNERABILITIES
Disrupted financial institutions
Airline delays and cancellations
Affected many U.S. government and commercial websites
10. PLATFORM VULNERABILITIES
13,000 Bank of America ATMs stopped working
Continental Airlines flights were cancelled and delayed; ticketing system was inundated with traffic. Airport self-check-in kiosks stopped working
Activated Cisco router bugs at Internet backbones
11. PLATFORM VULNERABILITIES
Single UDP packet
Targets port 1434 (Microsoft-SQL-Monitor)
Causes buffer overflow
Continuously sends itself via UDP packets to pseudo-random IP addresses, including broadcast and multicast addresses
Does not check whether target machines exist
17. PLATFORM VULNERABILITIES
Reconstructs session from buffer overflow
Obtains (and verifies!) Windows API function addresses
Initializes pseudo-random number generator and socket structures
Continuously generates random IP addresses and sends UDP datagrams of itself
19. PLATFORM VULNERABILITIES
The Blaster worm took advantage of a Windows 2000 vulnerability to take down target servers (creating denial-of-service conditions).
20. PLATFORM VULNERABILITIES
Also known as Lovsan, Poza, Blaster.
First detected on August 11, 2003
Exploits the most widespread Windows flaw ever
A vulnerability in the Distributed Component Object Model (DCOM), which handles communication using the Remote Procedure Call (RPC) protocol
21. PLATFORM VULNERABILITIES
Affects Windows 2000 and Windows XP
Two messages in the code:
1. “I just want to say LOVE YOU SAN!”
2. “billy gates why do you make this possible? Stop making money and fix your software!!”
Infected more than 100,000 computers in 24 hours
22. PLATFORM VULNERABILITIES
Detected in mid-July 2003
The RPC protocol allows a program to run code on a remote machine
Incorrectly handles malformed messages on RPC ports 135, 139, 445, 593
Attackers send a special message to the remote host
Gain local privilege, run malicious code
23. PLATFORM VULNERABILITIES
Vulnerability Scorecard Report
Published: March 2011
This study leverages data from the National Vulnerability Database (NVD), the industry standard source of security vulnerability data.
34. PLATFORM VULNERABILITIES
Mitigation
Network ACLs: a simple firewall to allow access only to required services
Network IPS: traditional detection of known vulnerabilities
IPS tools are a good way to identify and/or block attacks designed to exploit known database platform vulnerabilities.
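The two mitigations above, applied to flow records, as an added example that is not part of the original slides: the first function lists flows that an allow-only-required-services ACL would drop, and the second flags the UDP/1434 fan-out behaviour described on the Slammer slide. The trusted network, the threshold and the sample flows are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

SQL_MONITOR_UDP = 1434               # UDP port from the Slammer slide
RPC_TCP = {135, 139, 445, 593}       # RPC ports from the Blaster slide
TRUSTED = ipaddress.ip_network("10.20.0.0/16")  # assumption: internal network
FANOUT_THRESHOLD = 5                 # assumption: distinct targets before alerting
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed flow records: (source, destination, protocol, destination port)
INFECTED = "10.20.7.44"
SAMPLE_FLOWS = [
    ("10.20.3.8", "10.20.5.10", "udp", 1434),      # app server, one DB target
    ("10.20.3.8", "10.20.5.10", "tcp", 1433),
    ("198.51.100.23", "10.20.5.10", "udp", 1434),  # outside -> SQL Monitor
    ("203.0.113.9", "10.20.5.10", "tcp", 135),     # outside -> RPC
    ("203.0.113.9", "10.20.5.10", "tcp", 443),
] + [(INFECTED, dst, "udp", 1434) for dst in (
    "192.0.2.17", "198.51.100.200", "203.0.113.77", "10.20.99.1",
    "224.0.0.251", "255.255.255.255")]

def acl_violations(flows):
    """Flows from outside TRUSTED to the ports the slides name; an
    allow-only-required-services ACL would have dropped these."""
    hits = []
    for src, dst, proto, port in flows:
        risky = (proto == "udp" and port == SQL_MONITOR_UDP) or \
                (proto == "tcp" and port in RPC_TCP)
        if risky and ipaddress.ip_address(src) not in TRUSTED:
            hits.append((src, dst, proto, port))
    return hits

def fanout_sources(flows, threshold=FANOUT_THRESHOLD):
    """Sources sending UDP/1434 to many distinct addresses, with a count of
    multicast/broadcast targets (the propagation pattern on the slide)."""
    targets = defaultdict(set)
    for src, dst, proto, port in flows:
        if proto == "udp" and port == SQL_MONITOR_UDP:
            targets[src].add(ipaddress.ip_address(dst))
    report = {}
    for src, dsts in targets.items():
        if len(dsts) >= threshold:
            odd = sum(1 for d in dsts if d.is_multicast or d == LIMITED_BROADCAST)
            report[src] = {"targets": len(dsts), "multicast_or_broadcast": odd}
    return report

if __name__ == "__main__":
    print("ACL violations:", acl_violations(SAMPLE_FLOWS))
    print("Fan-out sources:", fanout_sources(SAMPLE_FLOWS))
```

A single client querying one database server on UDP/1434 stays below the threshold, so the fan-out check reports only the host that contacts many unrelated addresses.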