CVE-2009-1979
CVE-2009-1979
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/16342unverifiedexploitdbwww.exploit-db.com/exploits/9905unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blogs.conus.info/node/28http://osvdb.org/59110http://secunia.com/advisories/37027http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.htmlhttp://www.securityfocus.com/archive/1/507598/100/0/threadedhttp://www.securityfocus.com/bid/36747http://www.securitytracker.com/id?1023057http://www.us-cert.gov/cas/techalerts/TA09-294A.html