Posted to derby-dev@db.apache.org by "Daniel John Debrunner (JIRA)" <ji...@apache.org> on 2007/07/07 03:36:04 UTC
[jira] Updated: (DERBY-2437) SYSCS_EXPORT_TABLE can be used to overwrite derby files
[ https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel John Debrunner updated DERBY-2437:
-----------------------------------------
Affects Version/s: 10.4.0.0, 10.3.1.1, 10.3.1.0, 10.3.0.0, 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0
Think this affects all releases. The ability to export BLOB types might make it more serious in 10.3.
> SYSCS_EXPORT_TABLE can be used to overwrite derby files
> -------------------------------------------------------
>
> Key: DERBY-2437
> URL: https://issues.apache.org/jira/browse/DERBY-2437
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1, 10.2.1.6, 10.2.2.0, 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
> Reporter: Daniel John Debrunner
> Priority: Critical
>
> There are no controls over which files SYSCS_EXPORT_TABLE can write, thus allowing any user that has permission to execute the procedure to try and modify information that they have no permissions to do.
> In a similar fashion to the one described in DERBY-2436 I could overwrite derby.properties at least leading to a denial of service attack on the next re-boot.
> With more time it might be possible to write out a valid properties file which would allow changing the authentication, silently adding a new user etc.
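One way an application could constrain the export target before it calls the procedure, as an added example that is not Derby's code and not the fix for this issue. The class name `GuardedExport`, its helper names, and the dedicated export-root directory are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;
import java.sql.*;

public class GuardedExport {
    /** Resolve a caller-supplied file name inside exportRoot, or throw. */
    static Path resolveTarget(Path exportRoot, String requested) throws IOException {
        Path root = exportRoot.toRealPath();               // canonical root, symlinks resolved
        // normalize() collapses ".." segments; an absolute input replaces root entirely.
        Path target = root.resolve(requested).normalize();
        if (!target.startsWith(root) || target.equals(root))
            throw new SecurityException("export target outside " + root);
        // The parent must exist and, after symlink resolution, still sit under root.
        if (!target.getParent().toRealPath().startsWith(root))
            throw new SecurityException("export directory escapes " + root);
        // Never write over an existing entry (NOFOLLOW: a dangling symlink counts too).
        if (Files.exists(target, LinkOption.NOFOLLOW_LINKS))
            throw new FileAlreadyExistsException(target.toString());
        return target;
    }

    /** Call the export procedure only after the target passed the checks above. */
    static void export(Connection c, Path root, String schema, String table, String file)
            throws SQLException, IOException {
        Path target = resolveTarget(root, file);
        try (CallableStatement cs =
                 c.prepareCall("CALL SYSCS_UTIL.SYSCS_EXPORT_TABLE(?, ?, ?, null, null, null)")) {
            cs.setString(1, schema);
            cs.setString(2, table);
            cs.setString(3, target.toString());
            cs.execute();
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("exports");  // constructed sample directory
        Files.createFile(root.resolve("taken.csv"));       // constructed pre-existing file
        for (String name : new String[] {"orders.csv", "../outside.txt", "/tmp/abs.txt", "taken.csv"}) {
            try {
                System.out.println(name + " -> " + resolveTarget(root, name));
            } catch (SecurityException | IOException e) {
                System.out.println(name + " rejected: " + e);
            }
        }
    }
}
```

The check and the write are separate steps, so the export root should be a directory that only the database process can modify. The guard covers only callers that go through this wrapper, not users who can execute the procedure directly.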