News
Credits for Security Research Contributions
Release Notes
July 14, 2010
Slavik Markovich, Sentrigo CTO and Red Team member, presented ‘Threat Vectors Affecting Database Security’, including demonstrations of how databases are exploited.
How to Compose Effective and Efficient Regular Expressions
October 6, 2009
When composing rules and exceptions for Hedgehog, you may need to use regular expressions. Here are some things worth considering.
Sentrigo Announces Microsoft SQL Server Password Vulnerability
September 2, 2009
Sentrigo discovered a vulnerability in all versions of SQL Server, which exposes passwords in clear text. The company’s researchers discovered personal passwords unencrypted in SQL Server memory when they accessed the server using administrative privileges. The company says that best practices call for even legitimate administrators never to see actual passwords. Hackers who gain administrative access could find these passwords as well.
Sentrigo Contributions Boost Database Security Through Oracle Patch Process
August 11, 2009
Sentrigo is recognized by Oracle for contributions in 4 out of the last 5 Critical Patch Updates (CPUs), including fixes for several SQL injection vulnerabilities and numerous buffer overflow exploits that were discovered by Sentrigo as zero-day threats.
Sentrigo’s Virtual Patching Bridges a Chasm in Database Security Processes
April 30, 2009
Within 48 hours of Oracle’s release of its April 2009 Critical Patch Update, Sentrigo has released a security update containing virtual patching coverage for the vulnerabilities published in the CPU. Learn how Sentrigo’s vPatch protects Oracle customers from both the risks mitigated by and generated by security patch releases.
March 1, 2009
The released security update provides Sentrigo’s Sybase customers the highest security level in the market, covering known security issues, vulnerabilities and best practices particular to Sybase.
February 18, 2009
The two zero-day vulnerabilities in the Oracle database may enable an attacker or malicious user with execution privileges on specific packages to take over the database completely, compromising the entire contents of the database and the availability of the systems dependent on it.
Oracle CPU Dissected
January 20, 2009
Oracle releases Critical Patch Updates (CPUs) every three months, containing security code fixes to vulnerabilities discovered by its security personnel or external researchers and hackers. By exploring these CPUs it is possible to obtain valuable information about the vulnerabilities addressed by the patches and use them to create exploits that attack or hack the database. Thus, ironically, each time Oracle releases a new CPU to help protect databases, it actually increases the risk of Oracle databases worldwide being attacked.
July 13, 2010: Oracle CPU Advisory (multiple contributors)
January 12, 2010: Oracle CPU Advisory
October 21, 2009: Oracle Database - Multiple Vulnerabilities
July 14, 2009: Oracle CPU Advisory
January 13, 2009: Oracle CPU Advisory
October 14, 2008: Oracle CPU Advisory
July 15, 2008: Oracle CPU Advisory
Sentrigo
Security Update 4.0.2
This Security Update is a maintenance update.
- Rules 1836 and 1837 were improved to reduce false alerts.
- Rules 1830 and 6225 were improved to extend their coverage.
Previous release notes can be found
here.
Sentrigo
Security Update 4.0.1
This Security Update contains a new rule for a 0-day vulnerability, as well as maintenance updates.
- Rule 6270 was added to protect against a 0-day vulnerability not yet fixed by Oracle.
- Rule 1017 was split from 1015 to better detect attacks and reduce false alerts.
- Rules 1836, 1837 and 6264 were improved to reduce false alerts.
- The coverage of these rules was improved: 5510, 5520, 5530, 5540, 5550, 5560, 5570, 5700, 5710, 5720.
Sentrigo
Security Update 4.0.0
This Security Update contains many new protections and several maintenance updates.
- 11 rules were added to protect against some patched and some 0-day vulnerabilities:
  - 1015
  - 6266
  - 6268
  - 7834
  - 7836
  - 7838
  - 7840
  - 7842
  - 7844
  - 7846
  - 7848
- Rule 6030 was updated for maintenance.
Sentrigo
Security Update 3.5.7
This Security Update includes Virtual Patches for Oracle's Critical Patch Update (CPU) of July 2010.
- Rule 6264 was added to address a newly disclosed vulnerability in Oracle databases.
- Rule 6256 was already in place to protect Hedgehog users from vulnerabilities patched in this CPU.
- Rule 1880 was updated for maintenance.
Sentrigo
Security Update 3.5.6
This Security Update contains a new rule for a 0-day vulnerability, as well as maintenance updates.
- Rule 6262 was added to protect against a 0-day vulnerability not yet fixed by Oracle.
- Rules 5584 and 5586 were improved to reduce false alerts.
Sentrigo
Security Update 3.5.5
This Security Update contains additional and improved protections for recent Oracle CPUs, as well as maintenance updates.
- Rule 6258 was added to protect against an issue patched in the April 2010 CPU.
- Rule 6260 was added to protect against a 0-day vulnerability reported to Oracle by Sentrigo.
- Rules 1830, 5586, 5590 and 6254 were improved to reduce false alerts and increase coverage.
- Alert level has been tuned in rules 5590, 5700 and 5730.
- Rule 6224 has been renumbered 6225 in Server versions 3.5.2 and above.
Sentrigo
Security Update 3.5.4
This Security Update includes Virtual Patches for Oracle's Critical Patch Update (CPU) of April 2010.
- Rules 6248, 6250 and 6252 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU.
- Rule 6256 was added to address a newly disclosed vulnerability in Oracle databases.
Sentrigo
Security Update 3.5.3
This Security Update contains many new protections, as well as maintenance updates.
- The following rules were added to protect against known vulnerabilities: 1046, 1090, 1110, 1224, 1349, 1351, 1372, 5060, 6101, 6103, 6105, 6111, 6113 and 6115.
- Numerous rules have been modified to improve their coverage and reduce false alerts.
- Numerous rules have been modified to clarify their description.
Sentrigo
Security Update 3.5.2
This Security Update includes Virtual Patches for Oracle's Critical Patch Update (CPU) of January 2010.
- Rules 1092, 1118, 1120 and 6224 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU.
- Rule 6254 was added to address a newly disclosed vulnerability in Oracle databases.
- Rules 210, 1106, 1206, 1208 and 5560 were updated for maintenance.
Sentrigo
Security Update 3.5.1
This Security Update contains many new protections, as well as maintenance updates.
- The following rules were added to protect against known and 0-day vulnerabilities: 1113, 1157, 1366, 1368, 1370, 1837, 1842, 2142, 6242, 6244, 6246, 6248, 6250 and 6252.
- Numerous rules have been modified to improve their coverage.
- Numerous rules have been modified to clarify their description.
- On Hedgehog Server versions 3.5.1 and later, rule 1837 was added. This rule is very useful in detecting general (even 0-day) SQL Injection attacks, but may adversely affect system performance. For this reason, rule 1837 is disabled by default, and may be enabled by users who wish to activate it.
Sentrigo
Security Update 3.5.0
This Security Update includes more Virtual Patches for Oracle's October 2009 CPU.
- Rules 6238 and 6240 were added to address remaining vulnerabilities disclosed in the CPU
- Rules 2140, 6234 and 6236 were added to address publicly-known attack vectors
- Rule 5590 was updated to improve its ability to identify attacks
Sentrigo
Security Update 3.0.2
This Security Update includes Virtual Patches for Oracle's October 2009 CPU.
- Rules 6226, 6228, 6230 and 6232 were added to address newly disclosed vulnerabilities in Oracle databases
- Rules 1112, 6214 and 6216 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU
- Rules 1158, 1166, 5540, 5550 and 6128 were updated to improve their coverage
Sentrigo
Security Update 3.0.1
This security update introduces many new and improved vPatch rules. In this update:
- 27 new rules were introduced to detect attacks and suspicious activity.
- The existing rules were optimized for performance and effectiveness.
- A few rules underwent minor maintenance updates.
Sentrigo
Security Update 3.0.0
This is a maintenance update of the vPatch rules. In this update:
- The rules were streamlined and optimized for accuracy and performance.
- The names of the rules were clarified to better reflect their meaning.
- The tags attached to the rules were standardized and made easier to use.
- The following rules have been consolidated:
  - Rule 1124 was merged into rule 1096.
  - Rule 1134 was merged into rule 1060.
  - Rule 2100 was merged into rule 2090.
  - Rule 7000 was merged into rule 5010.
  - Rule 7010 was merged into rule 5040.
Sentrigo
Security Update 2.5.3
This Security Update includes Virtual Patches for Oracle's July 2009 CPU.
- Rules 5580, 5582, 6030, 6210, 6212, 6214 and 6216 were added, to address advanced exploits of Oracle databases
- Rules 1012, 1056 and 6202 were already in place to protect Hedgehog users from vulnerabilities patched in this CPU
- Rules 1083, 1096, 5670, 6000, 6010 and 6020 were updated for maintenance