Oracle Database Access Restriction Bypass Vulnerability
BID:17426
Info
Oracle Database Access Restriction Bypass Vulnerability
| Bugtraq ID: | 17426 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2006 12:00AM |
| Updated: | Apr 11 2006 05:52PM |
| Credit: | The vendor originally disclosed this issue to Metalink customers. Alexander Kornbrust of Red-Database-Security GmbH provided further information. |
| Vulnerable: |
Oracle Oracle9i Standard Edition 9.2 .7 Oracle Oracle9i Standard Edition 9.2 .6 Oracle Oracle9i Standard Edition 9.2 .3 Oracle Oracle9i Standard Edition 9.2 .2 Oracle Oracle9i Standard Edition 9.2 .2 Oracle Oracle9i Standard Edition 9.2 .1 Oracle Oracle9i Standard Edition 9.2 .1 Oracle Oracle9i Standard Edition 9.2 .0.5 Oracle Oracle9i Standard Edition 9.2 .0.3 Oracle Oracle9i Standard Edition 9.2 .0.2 Oracle Oracle9i Standard Edition 9.2 .0.1 Oracle Oracle9i Standard Edition 9.2 Oracle Oracle9i Personal Edition 9.2 .6 Oracle Oracle9i Personal Edition 9.2 .0.5 Oracle Oracle9i Personal Edition 9.2 .0.3 Oracle Oracle9i Personal Edition 9.2 .0.2 Oracle Oracle9i Personal Edition 9.2 .0.1 Oracle Oracle9i Personal Edition 9.2 Oracle Oracle9i Enterprise Edition 9.2 .6.0 Oracle Oracle9i Enterprise Edition 9.2 .2 Oracle Oracle9i Enterprise Edition 9.2 .0.5 Oracle Oracle9i Enterprise Edition 9.2 .0.3 Oracle Oracle9i Enterprise Edition 9.2 .0.1 Oracle Oracle9i Enterprise Edition 9.2 .0 Oracle Oracle10g Standard Edition 10.2 .3 Oracle Oracle10g Standard Edition 10.2 .1 Oracle Oracle10g Standard Edition 10.1 .4.2 Oracle Oracle10g Standard Edition 10.1 .0.5 Oracle Oracle10g Standard Edition 10.1 .0.4 Oracle Oracle10g Standard Edition 10.1 .0.3.1 Oracle Oracle10g Standard Edition 10.1 .0.3 Oracle Oracle10g Standard Edition 10.1 .0.2 Oracle Oracle10g Personal Edition 10.2 .3 Oracle Oracle10g Personal Edition 10.1 .0.4 Oracle Oracle10g Personal Edition 10.1 .0.3.1 Oracle Oracle10g Personal Edition 10.1 .0.3 Oracle Oracle10g Personal Edition 10.1 .0.2 Oracle Oracle10g Enterprise Edition 10.2 .3 Oracle Oracle10g Enterprise Edition 10.1 .0.4 Oracle Oracle10g Enterprise Edition 10.1 .0.3.1 Oracle Oracle10g Enterprise Edition 10.1 .0.3 Oracle Oracle10g Enterprise Edition 10.1 .0.2 |
| Not Vulnerable: | |
Discussion
Oracle Database Access Restriction Bypass Vulnerability
Oracle Database is susceptible to a vulnerability that allows attackers to bypass access restrictions. This issue is due to a failure of the application to properly enforce read-only privileges for user roles in certain circumstances.
To exploit this issue, a user must have 'CREATE VIEW' and 'CREATE DATABASE LINK' privileges. Also, the base table must have a primary key.
This issue allows attackers to modify data stored in affected databases, even if they are granted just read-only access. This may allow them to gain elevated privileges in the database.
Oracle versions 9.2.0.0 through 10.2.0.3 are affected by this issue.
This issue was originally disclosed by the vendor via Metalink, under the title "363848.1 - A User with SELECT Object Privilege on Base Tables Can Delete Rows from a View". This article has reportedly been removed since its initial disclosure.
Oracle Database is susceptible to a vulnerability that allows attackers to bypass access restrictions. This issue is due to a failure of the application to properly enforce read-only privileges for user roles in certain circumstances.
To exploit this issue, a user must have 'CREATE VIEW' and 'CREATE DATABASE LINK' privileges. Also, the base table must have a primary key.
This issue allows attackers to modify data stored in affected databases, even if they are granted just read-only access. This may allow them to gain elevated privileges in the database.
Oracle versions 9.2.0.0 through 10.2.0.3 are affected by this issue.
This issue was originally disclosed by the vendor via Metalink, under the title "363848.1 - A User with SELECT Object Privilege on Base Tables Can Delete Rows from a View". This article has reportedly been removed since its initial disclosure.
Exploit / POC
Oracle Database Access Restriction Bypass Vulnerability
An attacker uses standard database client utilities to exploit this issue.
This issue was originally disclosed on Metalink, along with a working exploit example. This example is likely available to attackers.
An attacker uses standard database client utilities to exploit this issue.
This issue was originally disclosed on Metalink, along with a working exploit example. This example is likely available to attackers.
Solution / Fix
Oracle Database Access Restriction Bypass Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Oracle Database Access Restriction Bypass Vulnerability
References:
References:
- Oracle Homepage (Oracle)
- Read-only user can modify data via views (Red-Database-Security GmbH)