Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 DB:ORACLE:CREATE-VIEW

Severity

 Minor

Recommended

 No

Category

 DB

Keywords

 Oracle Database Server Create View

Release Date

 2010/09/02

Update Number

 1765

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

DB: Oracle Database Server Create View


This signature detects attempts to exploit a known vulnerability against Oracle Database Server. Attackers can use this vulnerability to perform privilege escalation.

Extended Description

Oracle Database is susceptible to a vulnerability that allows attackers to bypass access restrictions. This issue is due to a failure of the application to properly enforce read-only privileges for user roles in certain circumstances. To exploit this issue, a user must have 'CREATE VIEW' and 'CREATE DATABASE LINK' privileges. Also, the base table must have a primary key. This issue allows attackers to modify data stored in affected databases, even if they are granted just read-only access. This may allow them to gain elevated privileges in the database. Oracle versions 9.2.0.0 through 10.2.0.3 are affected by this issue. This issue was originally disclosed by the vendor via Metalink, under the title "363848.1 - A User with SELECT Object Privilege on Base Tables Can Delete Rows from a View". This article has reportedly been removed since its initial disclosure.

Affected Products

  • Oracle oracle10g_enterprise_edition 10.1.0 .0.2
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.3
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.3.1
  • Oracle oracle10g_enterprise_edition 10.1.0 .0.4
  • Oracle oracle10g_enterprise_edition 10.2.0 .3
  • Oracle oracle10g_personal_edition 10.1.0 .0.2
  • Oracle oracle10g_personal_edition 10.1.0 .0.3
  • Oracle oracle10g_personal_edition 10.1.0 .0.3.1
  • Oracle oracle10g_personal_edition 10.1.0 .0.4
  • Oracle oracle10g_personal_edition 10.2.0 .3
  • Oracle oracle10g_standard_edition 10.1.0 .0.2
  • Oracle oracle10g_standard_edition 10.1.0 .0.3
  • Oracle oracle10g_standard_edition 10.1.0 .0.3.1
  • Oracle oracle10g_standard_edition 10.1.0 .0.4
  • Oracle oracle10g_standard_edition 10.1.0 .0.5
  • Oracle oracle10g_standard_edition 10.1.0 .4.2
  • Oracle oracle10g_standard_edition 10.2.0.1
  • Oracle oracle10g_standard_edition 10.2.0 .3
  • Oracle oracle9i_enterprise_edition 9.2.0 .0
  • Oracle oracle9i_enterprise_edition 9.2.0 .0.1
  • Oracle oracle9i_enterprise_edition 9.2.0 .0.3
  • Oracle oracle9i_enterprise_edition 9.2.0 .0.5
  • Oracle oracle9i_enterprise_edition 9.2.0.2
  • Oracle oracle9i_enterprise_edition 9.2.0.6.0
  • Oracle oracle9i_personal_edition 9.2.0
  • Oracle oracle9i_personal_edition 9.2.0 .0.1
  • Oracle oracle9i_personal_edition 9.2.0 .0.2
  • Oracle oracle9i_personal_edition 9.2.0 .0.3
  • Oracle oracle9i_personal_edition 9.2.0 .0.5
  • Oracle oracle9i_personal_edition 9.2.0 .6
  • Oracle oracle9i_standard_edition 9.2.0
  • Oracle oracle9i_standard_edition 9.2.0 .0.1
  • Oracle oracle9i_standard_edition 9.2.0 .0.2
  • Oracle oracle9i_standard_edition 9.2.0 .0.3
  • Oracle oracle9i_standard_edition 9.2.0 .0.5
  • Oracle oracle9i_standard_edition 9.2.0 .1
  • Oracle oracle9i_standard_edition 9.2.0 .2
  • Oracle oracle9i_standard_edition 9.2.0 .3
  • Oracle oracle9i_standard_edition 9.2.0 .6
  • Oracle oracle9i_standard_edition 9.2.0 .7

References

  • BugTraq: 17426
  • CVE: CVE-2006-1705

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out