
Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at Sûnnet Beskerming.


SQLite Management Application Ripe for Picking?

SQLite is probably the world's most widely deployed SQL database platform, being found in:

With all of these deployments (usually embedded), it is no surprise that there are SQLite database management applications to help developers and administrators manage their databases and installations. One in particular, SQLiteManager, has come to the attention of a security researcher who has identified a number of worrying holes in the application and the way it operates. The holes range from unauthenticated remote database manipulation (deletion, creation, anything) through to silent remote detection of the software and activation of attacks without user interaction, so it can be assumed that it won't be long before any Internet-connected system running this software is at critical risk.

In the interim, before the developers can release an update to SQLiteManager, administrators should consider isolating systems with the application from the Internet, as these vulnerabilities can be triggered through CSRF and XSS attacks.

29 March 2008
