Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 9i DB Security Hole
Niall Litchfield <n-litchfield_at_audit-commission.gov.uk> wrote:
>
>So a user with only Create Session privilege can read any data they like. In
>other words business data is entirely open to scrutiny by any user with
>create session privilege only.
What puzzles me is how little noise there's been about this. If there was a bug in a widely deployed Unix or Microsoft operating system that allowed any user to read any file on the system, it'd all over the IT press, and probably make it to mainstream media.
So far, I've seen mention of it here, followed by a quick report on BugTraq, with a couple of very confused followups, and an article on The Inquirer (http://www.theinquirer.net/).
-- Andrew Mobbs - http://www.chiark.greenend.org.uk/~andrewm/Received on Thu Apr 18 2002 - 03:49:16 CDT