Oracle · Oracle Database · CVE-2006-1705
Name of the Vulnerable Software and Affected Versions:
Oracle Database versions 9.2.0.0 through 10.2.0.3
Description:
The issue allows local users with `SELECT` privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
Recommendations:
For Oracle Database versions 9.2.0.0 through 10.2.0.3, consider restricting `SELECT` privileges for base tables to minimize the risk of exploitation. As a temporary workaround, limit the ability to create views for users with `SELECT` privileges until a patch is available.