Nytro
Posted January 23, 2015

Privilege Escalation via Oracle Indexes
David Litchfield [david.litchfield@datacom.com.au]
21st January 2015
© Copyright Datacom TSS

Introduction

To speed up querying of large datasets most database servers allow table data to be indexed. In Oracle, in order to be able to create an index on a table, the user must either own the table, or have the INDEX object privilege on the table, or have the CREATE ANY INDEX system privilege. If a user has either of these privileges, then a security hole is opened up whereby they can execute arbitrary SQL as the owner of the table by creating a function-based index on the table. If the table in question is owned by a highly privileged user such as SYS or SYSTEM then the database server becomes dangerously exposed as it provides the attacker the ability to fully compromise the system.

The PUBLIC role has (in the past) been granted the INDEX privilege on the following tables, product and options dependant:

SYS.DUAL
SYS.OLAPTABLEVELS
SYS.OLAPTABLEVELTUPLES
SYSTEM.OLAP_SESSION_CUBES
SYSTEM.OLAP_SESSION_DIMS
SYSTEM.PLAN_TABLE
FLOWS_FILES.WWV_FLOW_FILE_OBJECT$
TOAD.TOAD_PLAN_TABLE

Download: http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf
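
An audit for the exposure described in the introduction above, as an added example that is not part of the original post or of the paper. It assumes an account that can read the standard DBA_* data dictionary views, and it covers the three things a DBA would check: who holds INDEX on tables they do not own, who holds CREATE ANY INDEX, and which function-based indexes already exist under a different owner than their table.

```sql
-- Added audit example (not from the paper). Read-only; run as a user with
-- SELECT access to DBA_TAB_PRIVS, DBA_SYS_PRIVS, DBA_INDEXES and DBA_OBJECTS.

-- 1. INDEX object privilege granted to anyone other than the table owner.
--    GRANTEE may be a user, a role or PUBLIC. Tables owned by SYS or SYSTEM
--    and grants to PUBLIC sort first because they carry the highest risk.
SELECT p.grantee, p.owner, p.table_name, p.grantor, p.grantable
FROM   dba_tab_privs p
WHERE  p.privilege = 'INDEX'
AND    p.grantee <> p.owner
ORDER  BY CASE WHEN p.owner IN ('SYS', 'SYSTEM') THEN 0 ELSE 1 END,
          CASE WHEN p.grantee = 'PUBLIC' THEN 0 ELSE 1 END,
          p.owner, p.table_name, p.grantee;

-- 2. Holders of the CREATE ANY INDEX system privilege (users and roles).
--    ADMIN_OPTION = 'YES' means the grantee can pass the privilege on.
SELECT s.grantee, s.admin_option
FROM   dba_sys_privs s
WHERE  s.privilege = 'CREATE ANY INDEX'
ORDER  BY s.grantee;

-- 3. Existing function-based indexes whose owner differs from the owner of
--    the indexed table, with creation time for review. The indexed
--    expression itself can be read from DBA_IND_EXPRESSIONS.
SELECT i.owner AS index_owner, i.index_name,
       i.table_owner, i.table_name,
       i.index_type, i.status, o.created
FROM   dba_indexes i
JOIN   dba_objects o
       ON  o.owner = i.owner
       AND o.object_name = i.index_name
       AND o.object_type = 'INDEX'
WHERE  i.index_type LIKE 'FUNCTION-BASED%'
AND    i.owner <> i.table_owner
ORDER  BY CASE WHEN i.table_owner IN ('SYS', 'SYSTEM') THEN 0 ELSE 1 END,
          o.created DESC;
```

Rows from the first query that name PUBLIC against a SYS or SYSTEM table correspond to the grants listed in the post; roles returned by the first two queries need their members resolved separately.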