Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Modify Data via Inline Views
From: ak () red-database-security com
Date: 23 Oct 2006 16:45:14 -0000
Name    Modify Data via Inline Views (8107967) [DB09]
Systems Affected        Oracle 9i - 10g Rel. 2
Severity        High Risk
Category        Unauthorized Access
Vendor URL      http://www.oracle.com/
Author  Alexander Kornbrust (ak at red-database-security.com)
Advisory        18 October 2006 (V 1.00)
Advisory    http://www.red-database-security.com/advisory/oracle_modify_data_via_inline_views.html

Details
#######
Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can 
insert/update/delete data (e.g. the dual table). This bug is similar but not identical to the bug which was fixed in 
the July 2006 CPU (Modify Data via views). No workarounds available.


Samples
#######
delete from (specially crafted inline view)
insert into (specially crafted inline view)
update (specially crafted inline view)


Patch Information
#################
Apply the patches for Oracle CPU October 2006.


History
#######
24-jul-2006 Oracle secalert was informed about a variant of the create view bug.
18-oct-2006 Oracle published CPU October 2006 [DB09]
18-oct-2006 Advisory published


Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here 
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

  By Date           By Thread  

Current thread:
  • Modify Data via Inline Views ak (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]