Data Manipulation Vulnerability in Oracle Database by Local Users
CVE-2006-1705

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle9i
Vendor: CVE Published:; 11 April 2006

What is CVE-2006-1705?

This vulnerability in Oracle Database allows local users with 'SELECT' privileges on a base table to manipulate data significantly. By creating specially crafted views, these users can insert, update, or delete data indirectly. This exploitation poses a risk to data integrity, as it enables unauthorized access and modification actions through legitimate user permissions.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-A...

mailing-listx_refsource_FULLDISC

http://www.kb.cert.org/vuls/id/805737

third-party-advisoryx_refsource_CERT-VN

http://www.red-database-security.com/advisory/oracle_modi...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2006
Vulnerability Reserved
Apr 10, 2006