what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

oracle_cpu_jul_2007.txt

oracle_cpu_jul_2007.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.

tags | advisory
SHA-256 | f648f25b709a85c097126511d08bafb72d2ced88a799165bf3975637df3a482d

oracle_cpu_jul_2007.txt

Change Mirror Download
Insert / Update / Delete Data via Views
#######################################

This advisory <http://www.red-database-security.com/advisory/oracle_view_vulnerability.html>

Name Insert / Update / Delete Data via Views [DB17]
Systems Oracle 8i - 10g Rel. 2
Severity High Risk
Category Bypass Access Control
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 17 July 2007 (V 1.00)


Details
########
Updates, deletes and inserts are possible via specially crafted views without
having the right privileges.

This vulnerability is not identical with similar vulnerabilities fixed with April 2006 CPU
and October 2006 CPU.


Samples
#######
delete from (specially crafted view)
insert into (specially crafted view)
update (specially crafted view)

Testcases will be released if we can verify that the problem is really fixed.


Patch Information
#################
Apply the patches for Oracle CPU July 2007.


History
#######
24-oct-2006 Oracle secalert was informed
25-oct-2006 Bug confirmed
18-jul-2007 Oracle published CPU July 2007 [DB17]
18-jul-2007 Advisory published


Analysis and CVE entries of the Oracle CPU
###########################################
<http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html>

(c) 2007 by Red-Database-Security GmbH - last update 17-jul-2007

Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close