Signature Detail

DB: Oracle Database Server Create View

This signature detects attempts to exploit a known vulnerability against Oracle Database Server. Attackers can use this vulnerability to perform privilege escalation.

Extended Description

Oracle Database is susceptible to a vulnerability that allows attackers to bypass access restrictions. This issue is due to a failure of the application to properly enforce read-only privileges for user roles in certain circumstances. To exploit this issue, a user must have 'CREATE VIEW' and 'CREATE DATABASE LINK' privileges. Also, the base table must have a primary key. This issue allows attackers to modify data stored in affected databases, even if they are granted just read-only access. This may allow them to gain elevated privileges in the database. Oracle versions 9.2.0.0 through 10.2.0.3 are affected by this issue. This issue was originally disclosed by the vendor via Metalink, under the title "363848.1 - A User with SELECT Object Privilege on Base Tables Can Delete Rows from a View". This article has reportedly been removed since its initial disclosure.

Affected Products

• Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.3.1
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
• Oracle Oracle10g Enterprise Edition 10.2.0 .3
• Oracle Oracle10g Personal Edition 10.1.0 .0.2
• Oracle Oracle10g Personal Edition 10.1.0 .0.3
• Oracle Oracle10g Personal Edition 10.1.0 .0.3.1
• Oracle Oracle10g Personal Edition 10.1.0 .0.4
• Oracle Oracle10g Personal Edition 10.2.0 .3
• Oracle Oracle10g Standard Edition 10.1.0 .0.2
• Oracle Oracle10g Standard Edition 10.1.0 .0.3
• Oracle Oracle10g Standard Edition 10.1.0 .0.3.1
• Oracle Oracle10g Standard Edition 10.1.0 .0.4
• Oracle Oracle10g Standard Edition 10.1.0 .0.5
• Oracle Oracle10g Standard Edition 10.1.0 .4.2
• Oracle Oracle10g Standard Edition 10.2.0.1
• Oracle Oracle10g Standard Edition 10.2.0 .3
• Oracle Oracle9i Enterprise Edition 9.2.0 .0
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.1
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.3
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
• Oracle Oracle9i Enterprise Edition 9.2.0.2
• Oracle Oracle9i Enterprise Edition 9.2.0.6.0
• Oracle Oracle9i Personal Edition 9.2.0
• Oracle Oracle9i Personal Edition 9.2.0 .0.1
• Oracle Oracle9i Personal Edition 9.2.0 .0.2
• Oracle Oracle9i Personal Edition 9.2.0 .0.3
• Oracle Oracle9i Personal Edition 9.2.0 .0.5
• Oracle Oracle9i Personal Edition 9.2.0 .6
• Oracle Oracle9i Standard Edition 9.2.0
• Oracle Oracle9i Standard Edition 9.2.0 .0.1
• Oracle Oracle9i Standard Edition 9.2.0 .0.2
• Oracle Oracle9i Standard Edition 9.2.0 .0.3
• Oracle Oracle9i Standard Edition 9.2.0 .0.5
• Oracle Oracle9i Standard Edition 9.2.0 .1
• Oracle Oracle9i Standard Edition 9.2.0 .2
• Oracle Oracle9i Standard Edition 9.2.0 .3
• Oracle Oracle9i Standard Edition 9.2.0 .6
• Oracle Oracle9i Standard Edition 9.2.0 .7

References

• BugTraq: 17426
• CVE: CVE-2006-1705