| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Security - Read-only user can modify data via views
Had Oracle themselves not emailed working exploit code around the world then
I would probably agree, as it stands I think that it is a helpful warning.
Niall
On 4/12/06, Andre van Winssen <awinssen_at_xs4all.nl> wrote:
>
> yes, and I told the poster, Alexander Kornbrust, that his company is very
> careless and irresponsible by revealing so much detail. It took little
> time before I was able to delete data that wasn't mine or change dba
> account passwords for which my oracle account had no priv. No patch
> available yet and it works in all latest and greatest database versions.
> Checked it myself
> Are you ready for the next Cpu?
>
> Regards,
> Andre
>
> -: An Oracle error is an index on the solutions table :-
> -: Andre
>
>
> > Has anyone read this -
> >
> >
> http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html
> >
> > The note mentioned seems to be have taken out from the metalink now.
> >
> > Thanks
> > Manmohan
> >
> > --
> > _______________________________________________
> >
> > Search for businesses by name, location, or phone number. -Lycos Yellow
> > Pages
> >
> >
> http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
> >
> > --
> > http://www.freelists.org/webpage/oracle-l
> >
> >
> >
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Niall Litchfield Oracle DBA http://www.orawin.info -- http://www.freelists.org/webpage/oracle-lReceived on Wed Apr 12 2006 - 07:48:00 CDT
 |
 |