Oracle Database Enterprise Edition 11.1, 11.2
This vulnerability was discovered and researched by Martin Rakhmanov of Application Security Inc.
Renaming a table that has a flashback archive, using a specially crafted table name, triggers an internal SQL injection. This allows users to execute code with elevated privileges.
An attacker having control over a flashback-enabled table can get SYSDBA privileges.
Vendor was contacted and a patch was released.
Do not grant flashback archive privilege to untrusted users. Limit access to flashback-enabled tables to trusted users only.
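One way to audit the exposure this workaround describes, as an added example that is not part of the original advisory. The queries use Oracle's standard dictionary views and are meant to be run by a DBA; that the per-archive FLASHBACK ARCHIVE object grant is listed in DBA_TAB_PRIVS is an assumption to confirm on your release.

```sql
-- Added audit example, not part of the original advisory. Run as a DBA.

-- 1. Tables that are currently flashback-archive enabled.
SELECT owner_name, table_name, flashback_archive_name
FROM   dba_flashback_archive_tables
ORDER  BY owner_name, table_name;

-- 2. Grantees holding the flashback archive system privilege.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'FLASHBACK ARCHIVE ADMINISTER'
ORDER  BY grantee;

-- 3. Grantees holding the FLASHBACK ARCHIVE object privilege on one archive.
--    Assumption: the grant is listed in DBA_TAB_PRIVS with the archive
--    name in TABLE_NAME.
SELECT grantee, table_name AS flashback_archive_name, grantor
FROM   dba_tab_privs
WHERE  privilege = 'FLASHBACK ARCHIVE'
ORDER  BY grantee;

-- 4. Accounts other than the owner that hold a direct ALTER grant on a
--    flashback-enabled table, which is what ALTER TABLE ... RENAME requires.
SELECT t.owner_name, t.table_name, p.grantee, p.grantable
FROM   dba_flashback_archive_tables t
JOIN   dba_tab_privs p
       ON  p.owner      = t.owner_name
       AND p.table_name = t.table_name
WHERE  p.privilege = 'ALTER'
ORDER  BY t.owner_name, t.table_name, p.grantee;

-- 5. Accounts that can alter any table, flashback-enabled ones included.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'ALTER ANY TABLE'
ORDER  BY grantee;
```

A grantee in these results may be a role; resolve role membership through DBA_ROLE_PRIVS before deciding which accounts to revoke from.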
Apply the Oracle Critical Patch Update October 2012, available at Oracle Support.
Vendor Notification – 1/23/2012
Vendor Response – 1/26/2012
Fix – 16/10/2012
Public Disclosure – 20/02/2013