Resources

Red Team: Security Updates

 


News 

How to Compose Effective and Efficient Regular Expressions

October 6, 2009
When composing rules and exceptions for Hedgehog, you may need to use regular expressions. Here are some things worth considering.
 

Sentrigo Announces Microsoft SQL Server Password Vulnerability

September 2, 2009

 

Sentrigo discovered a vulnerability in all versions of SQL Server, which exposes passwords in clear text. The company’s researchers discovered personal passwords unencrypted in SQL Server memory when they accessed the server using administrative privileges. The company says that best practices call for even legitimate administrators never to see actual passwords. Hackers who gain administrative access could find these passwords as well.

 

Sentrigo Contributions Boost Database Security Through Oracle Patch Process

August 11, 2009

 

Sentrigo is recognized by Oracle for contributions in 4 out of the last 5 Critical Patch Updates (CPUs), including fixes for several SQL injection vulnerabilities and numerous buffer overflow exploits that were discovered by Sentrigo as zero-day threats.

 

Sentrigo’s Virtual Patching Bridges a Chasm in Database Security Processes

April 30, 2009

 

Within 48 hours of Oracle’s release of its April 2009 Critical Patch Update, Sentrigo has released a security update containing virtual patching coverage for the vulnerabilities published in the CPU. Learn how Sentrigo’s vPatch protects Oracle customers from both the risks mitigated by and generated by security patch releases.

 
March 1, 2009
The released security update provides Sentrigo’s Sybase customers the highest security level in the market, covering known security issues, vulnerabilities and best practices particular to Sybase.

 

February 18, 2009
The two zero-day vulnerabilities in the Oracle database may enable an attacker or malicious user with execution privileges to specific packages to take over the database completely – compromising the entire contents of the database and the availability of the systems dependent on it.

 

Oracle CPU Dissected

January 20, 2009
Oracle releases Critical Patch Updates (CPUs) every three months, containing security code fixes to vulnerabilities discovered by its security personnel or external researchers and hackers. By exploring these CPUs it is possible to obtain valuable information about the vulnerabilities addressed by the patches and use them to create exploits that attack or hack the database. Thus, ironically, each time Oracle releases a new CPU to help protect databases, it actually increases the risk of Oracle databases worldwide being attacked.

 

Credits for Security Research

January 12, 2010: Oracle CPU Advisory

October 21, 2009: Oracle Database - Multiple Vulnerabilities

July 14, 2009: Oracle CPU Advisory

January 13, 2009: Oracle CPU Advisory

October 14, 2008: Oracle CPU Advisory

July 15, 2008: Oracle CPU Advisory

 

Release Notes

Sentrigo Security Update 3.5.2

This Security Update includes Virtual Patches for Oracle's Critical Patch Update (CPU) of January 2010.
  • Rules 1092, 1118, 1120 and 6224 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU.
  • Rule 6254 was added to address a newly disclosed vulnerability in Oracle databases.
  • Rules 210, 1106, 1206, 1208 and 5560 were updated for maintenance.

Previous release notes can be found here.

Sentrigo Security Update 3.5.1

This Security Update contains many new protections, as well as maintenance updates.
  • The following rules were added to protect against known and 0-day vulnerabilities: 1113, 1157, 1366, 1368, 1370, 1837, 1842, 2142, 6242, 6244, 6246, 6248, 6250 and 6252.
  • Numerous rules have been modified to improve their coverage.
  • Numerous rules have been modified to clarify their description.
  • On Hedgehog Server versions 3.5.1 and later, rule 1837 was added. This rule is very useful in detecting general (even 0-day) SQL Injection attacks, but may adversely affect system performance. For this reason, rule 1837 is disabled by default, and may be enabled by users who wish to activate it.

Sentrigo Security Update 3.5.0

This Security Update includes more Virtual Patches for Oracle's October 2009 CPU.
  • Rules 6238 and 6240 were added to address remaining vulnerabilities disclosed in the CPU
  • Rules 2140, 6234 and 6236 were added to address publicly-known attack vectors
  • Rule 5590 was updated to improve its ability to identify attacks

Sentrigo Security Update 3.0.2

This Security Update includes Virtual Patches for Oracle's October 2009 CPU.
  • Rules 6226, 6228, 6230 and 6232 were added to address newly disclosed vulnerabilities in Oracle databases
  • Rules 1112, 6214 and 6216 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU
  • Rules 1158, 1166, 5540, 5550 and 6128 were updated to improve their coverage

Sentrigo Security Update 3.0.1

This security update introduces many new and improved vPatch rules. In this update:
  • 27 new rules were introduced to detect attacks and suspicious activity.
  • The existing rules were optimized for performance and effectiveness.
  • A few rules underwent minor maintenance updates.

Sentrigo Security Update 3.0.0

This is a maintenance update of the vPatch rules. In this update:
  • The rules were streamlined and optimized for accuracy and performance.
  • The names of the rules were clarified to better reflect their meaning.
  • The tags attached to the rules were standardized and made easier to use.
  • The following rules have been consolidated:
    • Rule 1124 was merged into rule 1096.
    • Rule 1134 was merged into rule 1060.
    • Rule 2100 was merged into rule 2090.
    • Rule 7000 was merged into rule 5010.
    • Rule 7010 was merged into rule 5040.

Sentrigo Security Update 2.5.3

This Security Update includes Virtual Patches for Oracle's July 2009 CPU.
  • Rules 5580, 5582, 6030, 6210, 6212, 6214 and 6216 were added, to address advanced exploits of Oracle databases
  • Rules 1012, 1056 and 6202 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU
  • Rules 1083, 1096, 5670, 6000, 6010 and 6020 were updated for maintenance