Hacker finds 492,000 unprotected Oracle, SQL database servers

Summary:A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.

A survey by renowned database hacker David Litchfield has found a whopping 492,000 Microsoft SQL and Oracle database servers directly accessible to the Internet without firewall protection.

David Litchfield — database server exposure survey

Litchfield (right), co-founder of Next Generation Security Software, ran port scans against 1,160,000 random IP addresses -- TCP port 1433 (SQL Server) and 1521 (Oracle) -- and found about 368,000 Microsoft SQL Servers directly accessible on the Internet and around 124,000 unprotected Oracle database servers.

"Between the two vendors, there are 492,000 database servers out there on the Internet not protected by a firewall. Whilst the number of Oracle servers has very slightly dropped since 2005 when it was estimated there were 140,000, the number of SQL Servers has risen dramatically from 210,000 in 2005," Litchfield warned.

Of the SQL Servers found, more than 80% were running SQL Server 2000 and of those, only 46% were running Service Pack 4, the most recent, and the remainder were running Service Pack 3a or less. "Indeed, 4% were found to be completely unpatched and are vulnerable to the flaw exploited by the Slammer worm as well as an authentication flaw known as the 'Hello bug'," Litchfield added.

Hacker finds 492,000 unprotected database servers
Of the unprotected Oracle servers, Litchfield found 13 were running de-supported versions of Oracle that no longer receive patches and are known to be vulnerable to critical vulnerabilities.

"In other words those that can be exploited by an attacker without a username and password and gain full control of the target. Given that it’s not possible to tell whether an Oracle server has been patched or not by looking at its version number it's difficult to draw accurate conclusions about the state of vulnerability with regards to the other servers," he added.

"These findings represent a significant risk: whilst it’s not possible to say how many of these systems are engaged in a commercial function, with just under half a million servers accessible there is clearly potential for external hackers and criminals to gain access to these systems and to sensitive information," he warned.

Topics: Hardware, Data Centers, Data Management, Enterprise Software, Oracle, Security, Servers, Software

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.