Vulnerability Name:

CVE-2006-1705 (CCN-25696)

Assigned:2006-04-10
Published:2006-04-10
Updated:2018-10-18
Summary:Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: CCN
Type: Full-Disclosure Mailing List, Mon Apr 10 2006 - 07:11:38 CDT
Oracle read-only user can insert/update/delete data via specially crafted views

Source: MITRE
Type: CNA
CVE-2006-1705

Source: FULLDISC
Type: UNKNOWN
20060410 Oracle read-only user can insert/update/delete data via specially crafted views

Source: CCN
Type: SA19574
Oracle Database Access Restrictions Bypass Vulnerability

Source: SECUNIA
Type: Vendor Advisory
19574

Source: CCN
Type: SECTRACK ID: 1015886
Oracle Database Lets Remote Authenticated Low Privilege Users Make Unauthorized Modifications on a Base Table

Source: SECTRACK
Type: UNKNOWN
1015886

Source: CCN
Type: US-CERT VU#805737
Oracle views fail to enforce table security settings

Source: CERT-VN
Type: US Government Resource
VU#805737

Source: CCN
Type: Oracle Database Web site
Oracle Database

Source: CCN
Type: OSVDB ID: 24505
Oracle Database SELECT Permission Access Restriction Bypass

Source: MISC
Type: UNKNOWN
http://www.red-database-security.com/advisory/oracle_modify_data_via_views.html

Source: BUGTRAQ
Type: UNKNOWN
20060410 Oracle read-only user can insert/update/delete data via specially crafted views

Source: BID
Type: UNKNOWN
17426

Source: CCN
Type: BID-17426
Oracle Database Access Restriction Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-1297

Source: XF
Type: UNKNOWN
oracle-base-table-data-manipulation(25696)

Source: XF
Type: UNKNOWN
oracle-base-table-data-manipulation(25696)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:enterprise_10.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:personal_10.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle10g:standard_10.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle oracle10g enterprise_10.1.0.2
    oracle oracle10g enterprise_10.1.0.3
    oracle oracle10g enterprise_10.1.0.3.1
    oracle oracle10g enterprise_10.1.0.4
    oracle oracle10g enterprise_10.2.3
    oracle oracle10g personal_10.1.0.2
    oracle oracle10g personal_10.1.0.3
    oracle oracle10g personal_10.1.0.3.1
    oracle oracle10g personal_10.1.0.4
    oracle oracle10g personal_10.2.3
    oracle oracle10g standard_10.1.0.2
    oracle oracle10g standard_10.1.0.3
    oracle oracle10g standard_10.1.0.3.1
    oracle oracle10g standard_10.1.0.4
    oracle oracle10g standard_10.1.0.4.2
    oracle oracle10g standard_10.1.0.5
    oracle oracle10g standard_10.2.0.1
    oracle oracle10g standard_10.2.3
    oracle oracle9i enterprise_9.2.0
    oracle oracle9i enterprise_9.2.0.1
    oracle oracle9i enterprise_9.2.0.2
    oracle oracle9i enterprise_9.2.0.3
    oracle oracle9i enterprise_9.2.0.5
    oracle oracle9i enterprise_9.2.0.6
    oracle oracle9i personal_9.2
    oracle oracle9i personal_9.2.0.1
    oracle oracle9i personal_9.2.0.2
    oracle oracle9i personal_9.2.0.3
    oracle oracle9i personal_9.2.0.5
    oracle oracle9i personal_9.2.0.6
    oracle oracle9i standard_9.2
    oracle oracle9i standard_9.2.0.1
    oracle oracle9i standard_9.2.0.2
    oracle oracle9i standard_9.2.0.3
    oracle oracle9i standard_9.2.0.5
    oracle oracle9i standard_9.2.0.6
    oracle oracle9i standard_9.2.0.7
    oracle oracle9i standard_9.2.3