what you don't know can hurt you

oracle_cpu_jul_2007.txt

oracle_cpu_jul_2007.txt
Posted Jul 19, 2007
Authored by Alexander Kornbrust | Site red-database-security.com

Oracle 8i through 10g Release 2 allow updates, deletes and inserts via specially crafted views without having the right privileges.

tags | advisory
MD5 | 983012a6e51d19bba18e796f5e0b9fc0

oracle_cpu_jul_2007.txt

Change Mirror Download
Insert / Update / Delete Data via Views
#######################################

This advisory <http://www.red-database-security.com/advisory/oracle_view_vulnerability.html>

Name Insert / Update / Delete Data via Views [DB17]
Systems Oracle 8i - 10g Rel. 2
Severity High Risk
Category Bypass Access Control
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 17 July 2007 (V 1.00)


Details
########
Updates, deletes and inserts are possible via specially crafted views without
having the right privileges.

This vulnerability is not identical with similar vulnerabilities fixed with April 2006 CPU
and October 2006 CPU.


Samples
#######
delete from (specially crafted view)
insert into (specially crafted view)
update (specially crafted view)

Testcases will be released if we can verify that the problem is really fixed.


Patch Information
#################
Apply the patches for Oracle CPU July 2007.


History
#######
24-oct-2006 Oracle secalert was informed
25-oct-2006 Bug confirmed
18-jul-2007 Oracle published CPU July 2007 [DB17]
18-jul-2007 Advisory published


Analysis and CVE entries of the Oracle CPU
###########################################
<http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html>

(c) 2007 by Red-Database-Security GmbH - last update 17-jul-2007

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close