DB: Oracle TNS AUTH_SESSKEY Buffer Overflow (CVE-2009-1979) (2)
This signature detects attempts to exploit a known vulnerability in the Oracle TNS listner. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
Oracle Network Authentication is prone to a remote buffer-overflow vulnerability. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker doesn't need specific privileges to exploit this vulnerability. Oracle Database 10g versions 10.1.0.5 and 10.2.0.4.
Affected Products
Oracle oracle10g_enterprise_edition
Short Name
DB:ORACLE:TNS:AUTH-SESSKEY-OF-2
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
(2) (CVE-2009-1979) AUTH_SESSKEY Buffer CVE-2009-1979 Oracle Overflow TNS bid:36747
Release Date
06/04/2010
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3538
False Positive
Unknown
Vendors
Oracle
CVSS Score
10.0