Oracle FAQ Your Portal to the Oracle Knowledge Grid

Re: Oracle 9i DB Security Hole

From: Andrew Mobbs <andrewm_at_chiark.greenend.org.uk>
Date: 18 Apr 2002 09:49:16 +0100 (BST)
Message-ID: <8uf*Ji6lp@news.chiark.greenend.org.uk>


Niall Litchfield <n-litchfield_at_audit-commission.gov.uk> wrote:
>
>So a user with only Create Session privilege can read any data they like. In
>other words business data is entirely open to scrutiny by any user with
>create session privilege only.

What puzzles me is how little noise there's been about this. If there was a bug in a widely deployed Unix or Microsoft operating system that allowed any user to read any file on the system, it'd be all over the IT press, and probably make it to mainstream media.

So far, I've seen mention of it here, followed by a quick report on BugTraq, with a couple of very confused followups, and an article on The Inquirer (http://www.theinquirer.net/).

-- 
Andrew Mobbs - http://www.chiark.greenend.org.uk/~andrewm/
Received on Thu Apr 18 2002 - 03:49:16 CDT
