CVE-2009-1979 - Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10

CVE-2009-1979

Summary

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html # The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.

References

Vulnerable Configurations

cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 10-10-2018 - 19:39)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	36747
bugtraq	20091030 CVE-2009-1979 (Oracle RDBMS)
cert	TA09-294A
confirm	http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
misc	http://blogs.conus.info/node/28
osvdb	59110
sectrack	1023057
secunia	37027

Last major update

10-10-2018 - 19:39

Published

22-10-2009 - 18:30

Last modified

10-10-2018 - 19:39