Vulnerabilities > CVE-2010-0071 - Remote Listener Memory Corruption vulnerability in Oracle Database

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

oracle

critical

nessus

exploit available

NVD

Published: 2010-01-13

Updated: 2012-10-23

Summary

Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server 9.2.0.8 Oracle Database Server 9.2.0.8Dv Oracle Database Server 10.1.0.5 Oracle Database Server 10.2.0.4 Oracle Database Server 11.1.0.7	5

Exploit-Db

description	Oracle Database CVE-2010-0071 Remote Listener Memory Corruption Vulnerability. CVE-2010-0071. Dos exploits for multiple platform
id	EDB-ID:33506
last seen	2016-02-03
modified	2010-01-12
published	2010-01-12
reporter	Dennis Yurichev
source	https://www.exploit-db.com/download/33506/
title	Oracle Database - Remote Listener Memory Corruption Vulnerability

Nessus

NASL family	Databases
NASL id	ORACLE_RDBMS_CPU_JAN_2010.NASL
description	The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Oracle OLAP - Application Express Application Builder - Oracle Data Pump - Oracle Spatial - Logical Standby - RDBMS - Oracle Spatial - Unzip
last seen	2020-06-02
modified	2010-04-26
plugin id	45625
published	2010-04-26
reporter	This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/45625
title	Oracle Database Multiple Vulnerabilities (January 2010 CPU)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(45625); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2009-1996", "CVE-2009-3410", "CVE-2009-3411", "CVE-2009-3412", "CVE-2009-3413", "CVE-2009-3414", "CVE-2009-3415", "CVE-2010-0071", "CVE-2010-0072" ); script_bugtraq_id( 37728, 37729, 37730, 37731, 37733, 37738, 37740, 37743, 37745 ); script_name(english:"Oracle Database Multiple Vulnerabilities (January 2010 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Oracle OLAP - Application Express Application Builder - Oracle Data Pump - Oracle Spatial - Logical Standby - RDBMS - Oracle Spatial - Unzip"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?56a3eac7"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the January 2010 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/01/12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/01/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/26"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # JAN2010 patches = make_nested_array(); # RDBMS 11.1.0.7 patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.2", "CPU", "9114072, 9209238"); patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.4", "CPU", "9166858"); patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.4", "CPU", "9166861"); # RDBMS 10.1.0.5 patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.17", "CPU", "9119261"); patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.37", "CPU", "9187104"); # RDBMS 10.2.0.4 patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.3", "CPU", "9119226, 9119284"); patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.30", "CPU", "9169457"); patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.30", "CPU", "9169460"); check_oracle_database(patches:patches, high_risk:TRUE);

Packetstorm

data source	https://packetstormsecurity.com/files/download/85518/CVE-2010-0071.py.txt
id	PACKETSTORM:85518
last seen	2016-12-05
published	2010-01-22
reporter	Dennis Yurichev
source	https://packetstormsecurity.com/files/85518/Oracle-TNS-Listener-Denial-Of-Service.html
title	Oracle TNS Listener Denial Of Service

Seebug

bulletinFamily	exploit
description	No description provided by source.
id	SSV:86722
last seen	2017-11-19
modified	2014-07-01
published	2014-07-01
reporter	Root
source	https://www.seebug.org/vuldb/ssvid-86722
title	Oracle Database Remote Listener Memory Corruption Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Packetstorm

Seebug

References