Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2009-1979
Last Modified 22 Oct 2012 11:07:27
Published 22 Oct 2009 02:30:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1979

Summary

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 10.2.0.4


References

CERT - TA09-294A

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

SECTRACK - 1023057

BID - 36747

BUGTRAQ - 20091030 CVE-2009-1979 (Oracle RDBMS)

SECUNIA - 37027

OSVDB - 59110

MISC - http://blogs.conus.info/node/28

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html


Last Updated: 27 May 2016 10:51:43