[
https://issues.apache.org/jira/browse/DERBY-2437?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Matrigali updated DERBY-2437:
----------------------------------
I think that a creative hacker could use long varchar in pre-10.3 release to do
almost all the kinds of things that dan describes being able to do with 10.3
for export. About the only hard thing is the delimiter which might present
problems depending on the actual ddl of the table being attacked.
> SYSCS_EXPORT_TABLE can be used to overwrite derby files
> -------------------------------------------------------
>
> Key: DERBY-2437
> URL: https://issues.apache.org/jira/browse/DERBY-2437
> Project: Derby
> Issue Type: Bug
> Components: Security
> Affects Versions: 10.0.2.0, 10.0.2.1, 10.1.1.0, 10.1.2.1, 10.1.3.1,
> 10.2.1.6, 10.2.2.0, 10.3.0.0, 10.3.1.0, 10.3.1.1, 10.4.0.0
> Reporter: Daniel John Debrunner
> Priority: Critical
>
> here are no controls over which files SYSCS_EXPORT_TABLE can write, thus
> allowing any user that has permission to execute the procedure to try and
> modufy information that they have no permissions to do.
> In a similar fashion to the one described in DERBY-2436 I could overwrite
> derby.properties at least leaqding to a dnial of service attack on the next
> re-boot.
> With more time it might be possible to write out a valid properties file
> which would allow chaning the authentication, silentaly adding a new user etc.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
