ID CVE-2009-1979
Summary Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html # The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 10-10-2018 - 19:39)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 36747
bugtraq 20091030 CVE-2009-1979 (Oracle RDBMS)
cert TA09-294A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
misc http://blogs.conus.info/node/28
osvdb 59110
sectrack 1023057
secunia 37027
Last major update 10-10-2018 - 19:39
Published 22-10-2009 - 18:30
Last modified 10-10-2018 - 19:39
Back to Top