Home > Developer > Database Administrator

Oracle Database Access Restriction Bypass Vulnerability

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Affected Systems:Oracle Database 9.2.0.0-10.2.0.3

Description: Bugtraq id: 17426

Oracle is a large commercial database system. Oracle 9.2.0.0 to 10.2.0.3 allows users with only SELECT permission in the base table to insert, update, and delete data through a specially crafted view, low-Permission users who successfully exploit this vulnerability can insert, update, and delete data by creating a specially crafted view.

This vulnerability has a low impact on Oracle data dictionaries because most dictionary tables do not have a primary key, and the exploitation of this vulnerability requires a primary key.

Test Method:

Warning:The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Assume that dbsnmp only has the select any dictionary permission and cannot update Tables in the data DICTIONARY.

C: \> sqlplus dbsnmp/dbsnmp
SQL * Plus: Release 10.1.0.4.0-Production on Thu Apr 8 19:20:27 2006
Copyright (c) 1982,200 5, Oracle. All rights reserved.
Connected:
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0
-Production With the Partitioning, OLAP and Data Mining options
SQL> select * from v $ version;
BANNER
Oracle Database 10g Enterprise Edition Release 10.1.0.4.0
-Prod PL/SQL Release 10.1.0.4.0-Production
CORE 10.1.0.4.0 Production
TNS for 32-bit Windows: Version 10.1.0.4.0
-Production NLSRTL Version 10.1.0.4.0-Production
SQL> -- the data cannot be deleted from the data dictionary)
SQL> delete from sys. registry $;
Delete from sys. registry $
*
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> -- create a custom View
SQL> create or replace view e as select [... censored...];
View created.
SQL> -- discard data through the view !!! ==> Security Vulnerabilities !!!
SQL> delete from e;
17 rows deleted.

Suggested temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Filter 9i to 10g R1 connection roles and delete create view and create database link permissions.

* Delete the primary key from the base table. Please note that this may cause performance and integrity problems.

Vendor patch: Oracle

Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version.

Note: <* Source: Alexander Kornbrust ak@red-database-security.com) Link: http://marc.theaimsgroup.com /? L = bugtraq & m = 114468438319540 & w = 2 *>


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to access oracle database link access to oracle database vulnerability database security vulnerability database open source vulnerability database vulnerability database cve iot vulnerability database
Related Article
Database Administrator DBA
Alibaba DBA (database administrator) pen question __ Database
Level of DBA (database administrator)
The personality characteristics of the DBA (database administ...
Recover database administrator password, user authorization, ...
Sort common DB2 scripts

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More