Vulnerabilities > CVE-2009-1996 - Unspecified vulnerability in Oracle Database Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oracle
nessus
Summary
Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-3909.NASL description - Mon May 12 2008 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.4-8 - fixed DoS vulnerability - CVE-2009-1996 - Mon Nov 26 2007 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.4-7 - fixed sigsegv when new user requested authorization - Resolves: #389731 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 32341 published 2008-05-16 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32341 title Fedora 7 : licq-1.3.4-8.fc7 (2008-3909) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-3909. # include("compat.inc"); if (description) { script_id(32341); script_version ("1.13"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-1996"); script_xref(name:"FEDORA", value:"2008-3909"); script_name(english:"Fedora 7 : licq-1.3.4-8.fc7 (2008-3909)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon May 12 2008 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.4-8 - fixed DoS vulnerability - CVE-2009-1996 - Mon Nov 26 2007 Jiri Moskovcak <jmoskovc at redhat.com> 1.3.4-7 - fixed sigsegv when new user requested authorization - Resolves: #389731 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=445236" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-May/009907.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d55f1e39" ); script_set_attribute(attribute:"solution", value:"Update the affected licq package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:licq"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/05/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"licq-1.3.4-8.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "licq"); }NASL family Databases NASL id ORACLE_RDBMS_CPU_JAN_2010.NASL description The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Oracle OLAP - Application Express Application Builder - Oracle Data Pump - Oracle Spatial - Logical Standby - RDBMS - Oracle Spatial - Unzip last seen 2020-06-02 modified 2010-04-26 plugin id 45625 published 2010-04-26 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45625 title Oracle Database Multiple Vulnerabilities (January 2010 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(45625); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2009-1996", "CVE-2009-3410", "CVE-2009-3411", "CVE-2009-3412", "CVE-2009-3413", "CVE-2009-3414", "CVE-2009-3415", "CVE-2010-0071", "CVE-2010-0072" ); script_bugtraq_id( 37728, 37729, 37730, 37731, 37733, 37738, 37740, 37743, 37745 ); script_name(english:"Oracle Database Multiple Vulnerabilities (January 2010 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Oracle OLAP - Application Express Application Builder - Oracle Data Pump - Oracle Spatial - Logical Standby - RDBMS - Oracle Spatial - Unzip"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56a3eac7"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the January 2010 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/26"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # JAN2010 patches = make_nested_array(); # RDBMS 11.1.0.7 patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.2", "CPU", "9114072, 9209238"); patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.4", "CPU", "9166858"); patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.4", "CPU", "9166861"); # RDBMS 10.1.0.5 patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.17", "CPU", "9119261"); patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.37", "CPU", "9187104"); # RDBMS 10.2.0.4 patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.3", "CPU", "9119226, 9119284"); patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.30", "CPU", "9169457"); patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.30", "CPU", "9169460"); check_oracle_database(patches:patches, high_risk:TRUE);