Modify Data via Inline Views
Updates, deletes and inserts are possible with least-privilege via inline views. A user with create session only can insert/update/delete data.
delete from (specially crafted inline view)
insert into (specially crafted inline view)
update (specially crafted inline view)
Apply the patches for Oracle CPU October 2006.
24-jul-2006 Oracle secalert was informed about a variant of the create view bug.
18-oct-2006 Oracle published CPU October 2006 [DB09]
18-oct-2006 Advisory published
23-oct-2006 CVE added
© 2006 by Red-Database-Security GmbH - last update 23-oct-2006