A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information.
A view is a queryable aggregation of data from one or more tables that is stored and maintained.
A remote attacker may be able to execute arbitrary SQL statements with elevated privileges. This may allow the attacker to access and modify sensitive information within an Oracle database.
This vulnerability was reported by Alexander Kornbrust of Red Database Security. Red Database Security credits Jens Flasche, Dr. Christian Kleinew์hter, and Swen Thümmler with providing information regarding this issue. Information used in this document came from Oracle.
This document was written by Jeff Gennari and Stephen Rhoton.
|Date First Published:||2006-05-03|
|Date Last Updated:||2007-01-03 14:45 UTC|