PT-2006-2699 · Oracle · Oracle Database

Dr. Christian Kleinewächter

Published

2006-04-11

Updated

2018-10-18

CVE-2006-1705

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Database versions 9.2.0.0 through 10.2.0.3

Description: The issue allows local users with SELECT privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.

Recommendations: For Oracle Database versions 9.2.0.0 through 10.2.0.3, consider restricting SELECT privileges for base tables to minimize the risk of exploitation. As a temporary workaround, limit the ability to create views for users with SELECT privileges until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1705

Affected Products

Oracle Database

PT-2006-2699 · Oracle · Oracle Database

CVE-2006-1705

Related Identifiers

Affected Products

References · 10