Re: Security - Read-only user can modify data via views

• From: "Andre van Winssen" <awinssen@xxxxxxxxx>
• To: mjalsing@xxxxxxxxx
• Date: Wed, 12 Apr 2006 13:27:37 +0200 (CEST)

yes, and I told the poster, Alexander Kornbrust, that his company is very
careless and irresponsible by revealing so much detail. It took little
time before I was able to delete data that wasn't mine or change dba
account passwords for which my oracle account had no priv. No patch
available yet and it works in all latest and greatest database versions.
Checked it myself
Are you ready for the next Cpu?

Regards,
Andre

-: An Oracle error is an index on the solutions table :-
-: Andre


> Has anyone read this -
>
> http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html
>
> The note mentioned seems to be have taken out from the metalink now.
>
> Thanks
> Manmohan
>
> --
> _______________________________________________
>
> Search for businesses by name, location, or phone number.  -Lycos Yellow
> Pages
>
> http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
>
> --
> //www.freelists.org/webpage/oracle-l
>
>
>


--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: Security - Read-only user can modify data via views
    • From: Niall Litchfield

• References:
  • Security - Read-only user can modify data via views
    • From: Manmohan Jalsingh

Other related posts:

• » Security - Read-only user can modify data via views
• » Re: Security - Read-only user can modify data via views
• » Re: Security - Read-only user can modify data via views
• » Re: Security - Read-only user can modify data via views
• » RE: Security - Read-only user can modify data via views

1. Home
2. oracle-l
3. Archive
4. 04-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---