SQLite Management Application Ripe for the Picking?
SQLite is probably the world's most widely deployed SQL database engine, being found in:
- 125 million copies of Mozilla Firefox
- 20 million Mac computers, each of which contains multiple copies of SQLite
- 20 million websites run PHP which has SQLite built in.
- 300 million downloads of the Skype client software and 100 million registered users
- 20 million Symbian smartphones shipped in Q3 2007
- 10 million AOL subscribers use SQLite in the AOL email client that comes bundled with their subscription.
- 10 million Solaris 10 installations, all of which require SQLite in order to boot.
- Millions and millions of copies of McAfee anti-virus software all use SQLite internally.
- Millions of iPhones and iPod Touches use SQLite
With all of these deployments (usually embedded), it is no surprise that SQLite database management applications exist to help developers and administrators manage their databases and installations. One in particular, the web-based SQLiteManager, has come to the attention of a security researcher who has identified a number of worrying holes in the application and the way it operates. The reported issues range from unauthenticated remote database manipulation (deletion, creation, anything) through to silent remote detection of the software and the triggering of attacks without user interaction, so it is reasonable to assume that any Internet-connected system running this software is at critical risk.
In the interim, before the developers can release an update to SQLiteManager, administrators should consider isolating systems running the application from the Internet. Because these vulnerabilities can be triggered through CSRF and XSS attacks, the exposure is not limited to the server itself: an administrator whose browser is logged in to SQLiteManager and then visits an attacker-controlled page can have the attack launched from that browser session. The management interface should therefore be reachable only from trusted networks, and the browser used to administer it should not be used for general web browsing while a session is open.
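To make concrete what "triggered through CSRF" means for a database management interface, the following is an added example (not SQLiteManager's own code, and written in Python rather than the application's language) of a state-changing "drop table" handler in two forms: one that acts on any POST it receives, and a hardened one that requires a logged-in session, checks the request's Origin header against the application's own origin, and verifies a per-session anti-CSRF token with a constant-time comparison. The allowed origin, the request and session structures, and the table names are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set
from urllib.parse import urlsplit

# Assumed deployment origin of the management interface (example value).
ALLOWED_ORIGIN = "https://dbadmin.example"


@dataclass
class Session:
    """Server-side session: who is logged in and their anti-CSRF token."""
    user: Optional[str] = None
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an HTTP request as a handler would see it."""
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    session: Session


def vulnerable_drop_table(req: Request, db: Set[str]) -> str:
    # Acts on any POST naming an existing table: no login check, no
    # Origin check, no token. A hidden auto-submitting form on any page the
    # administrator visits can trigger this from their own browser.
    table = req.form.get("table")
    if req.method == "POST" and table in db:
        db.remove(table)
        return "dropped"
    return "ignored"


def same_origin(url: str) -> bool:
    # Compare scheme and host exactly; a prefix match would accept
    # "https://dbadmin.example.attacker.example".
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN


def hardened_drop_table(req: Request, db: Set[str]) -> str:
    if req.method != "POST":
        return "method not allowed"
    if req.session.user is None:
        return "login required"
    # Browsers attach Origin to cross-site POSTs; fall back to Referer.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not same_origin(origin):
        return "cross-site request rejected"
    # Token bound to the session; constant-time compare avoids timing leaks.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return "bad csrf token"
    table = req.form.get("table")
    if table in db:
        db.remove(table)
        return "dropped"
    return "ignored"


def run_scenarios() -> Dict[str, str]:
    """Constructed requests: a forged cross-site POST and a legitimate one."""
    sess = Session(user="admin")
    forged = Request("POST", {"Origin": "https://attacker.example"},
                     {"table": "users"}, sess)
    legit = Request("POST", {"Origin": ALLOWED_ORIGIN},
                    {"table": "users", "csrf_token": sess.csrf_token}, sess)
    # Same origin but the token is missing (e.g. a replayed or guessed form).
    no_token = Request("POST", {"Origin": ALLOWED_ORIGIN},
                       {"table": "logs"}, sess)
    anon = Request("POST", {"Origin": ALLOWED_ORIGIN},
                   {"table": "logs", "csrf_token": sess.csrf_token},
                   Session())

    results = {}
    results["vulnerable_forged"] = vulnerable_drop_table(forged, {"users", "logs"})
    db = {"users", "logs"}
    results["hardened_forged"] = hardened_drop_table(forged, db)
    results["hardened_no_token"] = hardened_drop_table(no_token, db)
    results["hardened_anon"] = hardened_drop_table(anon, db)
    results["hardened_legit"] = hardened_drop_table(legit, db)
    results["remaining_tables"] = ",".join(sorted(db))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The forged request succeeds against the unprotected handler even though it carries no credentials of its own, because the victim's browser supplies the session cookie; the hardened handler rejects it on the Origin check before the token is even examined. Isolating the server only helps if the administrator's browser cannot reach both the application and the attacker's page at the same time, which is why the token check matters in addition to network placement.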
29 March 2008