Insert / Update / Delete Data via Views
Updates, deletes and inserts are possible via specially crafted views without having the right privileges.
delete from (specially crafted view)
insert into (specially crafted view)
update (specially crafted view)
Testcases will be released if we can verify that the problem is really fixed.
Apply the patches for Oracle CPU July 2007.
24-oct-2006 Oracle secalert was informed
25-oct-2006 Bug confirmed
18-jul-2007 Oracle published CPU July 2007 [DB17]
18-jul-2007 Advisory published
© 2007 by Red-Database-Security GmbH - last update 17-jul-2007