CVE-2009-1979 - Remote Buffer Overflow vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, low complexity, oracle, critical, nessus, exploit available, metasploit

Summary

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

Per http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html: The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.

Vulnerable Configurations

Part          Description   Count
Application   Oracle        2

Exploit-Db

  • description: Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow. CVE-2009-1979. Remote exploit for windows platform
    id: EDB-ID:16342
    last seen: 2016-02-01
    modified: 2010-11-24
    published: 2010-11-24
    reporter: metasploit
    source: https://www.exploit-db.com/download/16342/
    title: Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
  • description: Oracle Network Authentication - Remote Buffer Overflow Vulnerability. CVE-2009-1979. Remote exploit for windows platform
    id: EDB-ID:9905
    last seen: 2016-02-01
    modified: 2009-10-30
    published: 2009-10-30
    reporter: Dennis Yurichev
    source: https://www.exploit-db.com/download/9905/
    title: Oracle Database 10.1.0.5 <= 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow Vulnerability

Metasploit

description: This module exploits a stack buffer overflow in Oracle. When sending a specially crafted packet containing a long AUTH_SESSKEY value to the TNS service, an attacker may be able to execute arbitrary code.
id: MSF:EXPLOIT/WINDOWS/ORACLE/TNS_AUTH_SESSKEY
last seen: 2020-03-18
modified: 2017-07-24
published: 2010-01-21
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/oracle/tns_auth_sesskey.rb
title: Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow

Nessus

NASL family: Databases
NASL id: ORACLE_RDBMS_CPU_OCT_2009.NASL
description: The remote Oracle database server is missing the October 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, Application Express, Auditing, Authentication, Core RDBMS, Data Mining, Data Pump, Network Authentication, Net Foundation Layer, Oracle Spatial, Oracle Text, PL/SQL, Workspace Manager.
last seen: 2020-06-02
modified: 2011-11-16
plugin id: 56066
published: 2011-11-16
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56066
title: Oracle Database Multiple Vulnerabilities (October 2009 CPU)
code:
#
# (C) Tenable Network Security, Inc.
#


include('compat.inc');

if (description)
{
  script_id(56066);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");

  script_cve_id(
    "CVE-2009-1007",
    "CVE-2009-1018",
    "CVE-2009-1964",
    "CVE-2009-1965",
    "CVE-2009-1971",
    "CVE-2009-1972",
    "CVE-2009-1979",
    "CVE-2009-1985",
    "CVE-2009-1991",
    "CVE-2009-1992",
    "CVE-2009-1993",
    "CVE-2009-1994",
    "CVE-2009-1995",
    "CVE-2009-1997",
    "CVE-2009-2000",
    "CVE-2009-2001"
  );
  script_bugtraq_id(
    36742,
    36743,
    36744,
    36745,
    36747,
    36748,
    36750,
    36751,
    36752,
    36754,
    36755,
    36756,
    36758,
    36759,
    36760,
    36765
  );

  script_name(english:"Oracle Database Multiple Vulnerabilities (October 2009 CPU)");
  script_summary(english:"Checks installed patch info");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");

  script_set_attribute(attribute:"description", value:
"The remote Oracle database server is missing the October 2009
Critical Patch Update (CPU) and therefore is potentially affected by
security issues in the following components :

  - Advanced Queuing

  - Application Express

  - Auditing

  - Authentication

  - Core RDBMS

  - Data Mining

  - Data Pump

  - Network Authentication

  - Net Foundation Layer

  - Oracle Spatial

  - Oracle Text

  - PL/SQL

  - Workspace Manager");

  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a9c2097");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the October 2009 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/10/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/16");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"agent", value:"all");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");

  exit(0);
}

include("oracle_rdbms_cpu_func.inc");

################################################################################
# OCT2009
patches = make_nested_array();

# RDBMS 11.1.0.7
patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.1", "CPU", "8836375, 8833297");
patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.3", "CPU", "8928976");
patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.3", "CPU", "8928977");
# RDBMS 10.1.0.5
patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.16", "CPU", "8836540");
patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.36", "CPU", "8785211");
# RDBMS 10.2.0.4
patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.2", "CPU", "8836308, 8833280");
patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.26", "CPU", "8880857");
patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.26", "CPU", "8880861");

check_oracle_database(patches:patches, high_risk:TRUE);

Packetstorm

data source: https://packetstormsecurity.com/files/download/85495/tns_auth_sesskey.rb.txt
id: PACKETSTORM:85495
last seen: 2016-12-05
published: 2010-01-22
reporter: jduck
source: https://packetstormsecurity.com/files/85495/Oracle-TNS-Listener-AUTH_SESSKEY-Buffer-Overflow..html
title: Oracle TNS Listener AUTH_SESSKEY Buffer Overflow.

Seebug

  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:12802
    last seen: 2017-11-19
    modified: 2009-11-09
    published: 2009-11-09
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-12802
    title: Oracle Network Authentication CVE-2009-1979 Remote Buffer Overflow Vulnerability
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:66963
    last seen: 2017-11-19
    modified: 2014-07-01
    published: 2014-07-01
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-66963
    title: Oracle Database 10.1.0.5 - 10.2.0.4 - AUTH_SESSKEY Length Validation Remote Buffer Overflow Vulnerability
  • bulletinFamily: exploit
    description: No description provided by source.
    id: SSV:12818
    last seen: 2017-11-19
    modified: 2009-10-30
    published: 2009-10-30
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-12818
    title: Oracle Database 10.1.0.5 - 10.2.0.4 AUTH_SESSKEY length validation exploit
  • bulletinFamily: exploit
    description: BUGTRAQ ID: 36747. CVE(CAN) ID: CVE-2009-1979. Oracle Database is a large commercial database system. A remote attacker can send malicious packets over the Oracle Net protocol to the Network Authentication component of Oracle Database, resulting in arbitrary code execution. Oracle Database 10.2.0.4; Oracle Database 10.1.0.5. Vendor patch: Oracle has released a security advisory (cpuoct2009) and corresponding patches for this issue: cpuoct2009: Oracle Critical Patch Update Advisory - October 2009. Link: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
    id: SSV:12562
    last seen: 2017-11-19
    modified: 2009-11-03
    published: 2009-11-03
    reporter: Root
    source: https://www.seebug.org/vuldb/ssvid-12562
    title: Oracle Network Authentication Component Remote Code Execution Vulnerability