CVE-2009-1979

2009-10-22T18:30:00
ID CVE-2009-1979
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:39:00

Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html

The CVSS Base Score is 10.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 7.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.