lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <000f01c6f6c3$8506aa60$1b02a8c0@rds.local>
Date: Mon, 23 Oct 2006 18:51:42 +0200
From: "Alexander Kornbrust" <ak@...-database-security.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Modify Data via Inline Views

Name 	Modify Data via Inline Views (8107967) [DB09]
Systems Affected 	Oracle 9i - 10g Rel. 2
Severity 	High Risk
Category 	Unauthorized Access
Vendor URL 	http://www.oracle.com/
Author 	Alexander Kornbrust (ak at red-database-security.com)
Advisory 	18 October 2006 (V 1.00)
Advisory
http://www.red-database-security.com/advisory/oracle_modify_data_via_inline_
views.html

Details
#######
Updates, deletes and inserts are possible with least-privilege via inline
views. A user with create session only can insert/update/delete data (e.g.
the dual table). This bug is similar but not identical to the bug which was
fixed in the July 2006 CPU (Modify Data via views). No workarounds
available.


Samples
#######
delete from (specially crafted inline view)
insert into (specially crafted inline view)
update (specially crafted inline view)


Patch Information
#################
Apply the patches for Oracle CPU October 2006.


History
#######
24-jul-2006 Oracle secalert was informed about a variant of the create view
bug.
18-oct-2006 Oracle published CPU October 2006 [DB09]
18-oct-2006 Advisory published


Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here
http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ