lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061023164514.19796.qmail@securityfocus.com>
Date: 23 Oct 2006 16:45:14 -0000
From: ak@...-database-security.com
To: bugtraq@...urityfocus.com
Subject: Modify Data via Inline Views

Name 	Modify Data via Inline Views (8107967) [DB09]
Systems Affected 	Oracle 9i - 10g Rel. 2
Severity 	High Risk
Category 	Unauthorized Access
Vendor URL 	http://www.oracle.com/
Author 	Alexander Kornbrust (ak at red-database-security.com)
Advisory 	18 October 2006 (V 1.00)
Advisory    http://www.red-database-security.com/advisory/oracle_modify_data_via_inline_views.html

Details
#######
Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can insert/update/delete data (e.g. the dual table). This bug is similar but not identical to the bug which was fixed in the July 2006 CPU (Modify Data via views). No workarounds available.


Samples
#######
delete from (specially crafted inline view)
insert into (specially crafted inline view)
update (specially crafted inline view)


Patch Information
#################
Apply the patches for Oracle CPU October 2006.


History
#######
24-jul-2006 Oracle secalert was informed about a variant of the create view bug.
18-oct-2006 Oracle published CPU October 2006 [DB09]
18-oct-2006 Advisory published


Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ