SAP via RSS - Subscribe to SearchSAP.com's RSS Feed for news and tips on SAP.
Voyager is a proof-of-concept worm that doesn't seem capable of spreading in its current form. But security experts worry it's a sign that the digital underground is salivating over Oracle's growing list of flaws and is getting ready to pounce.
Details of the worm first emerged Monday on the Full Disclosure list hosted and sponsored by Danish vulnerability watcher Secunia. It was posted anonymously and appeared under the heading "Trick or treat Larry."
According to the ISC, Voyager "uses the UTL_TCP package to scan for remote Oracle databases on the same local network. Upon finding another database, the SID is retrieved and the worm uses several default username and password combinations to attempt to login to the remote database." Currently, the ISC said, the default/username password list includes: system/manager, sys/change_on_install; dbsnmp/dbsnmp; outln/outln; scott/tiger; mdsys/mdsys; and ordcommon/ordcommon.
"When the worm discovers a default username and password, it creates a table 'X' in the current user's schema with a date column called 'Y,'" the ISC said. "This could easily be changed to a more dramatic payload."
The ISC said Oracle database administrators can take several steps to block the worm and possible future variants:
This story also appears at SearchSecurity.com, part of the TechTarget network.