Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1979: Oracle Database Server vulnerability

6 documents, 5 sources
Severity
10.0 CRITICAL (NVD)
EPSS
85.7%
top 0.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Oct 22
Latest update: May 2

Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: oracle/database_server 10.1.0.5, 10.2.0.4 (+1)

🔴 Vulnerability Details (2)
GHSA
GHSA-p54g-mf9q-782r: Unspecified vulnerability in the Network Authentication component in Oracle Database 10 (2022-05-02)
CVEList
CVE-2009-1979: Unspecified vulnerability in the Network Authentication component in Oracle Database 10 (2009-10-22)

💥 Exploits & PoCs (3)
Exploit-DB
Oracle 10gR2 - TNS Listener AUTH_SESSKEY Buffer Overflow (Metasploit) (2010-11-24)
Exploit-DB
Oracle Database 10.1.0.5 < 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow (2009-10-30)
Metasploit
Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
CVE-2009-1979 — Oracle Database Server vulnerability | cvebase