VulDB: Oracle Database unknown vulnerability [CVE-2009-0972]
General

scipID: 3953
Affected: Oracle Database
Published: 04/15/2009
Risk: very critical
Entry: 89.5% complete
Created: 04/17/2009
Updated: 09/03/2012
Summary
A vulnerability was found in Oracle Database and classified as very critical. The impact remains unknown.
The weakness was disclosed on 04/15/2009 by Oracle. It has been tracked as CVE-2009-0972 since 03/19/2009. The attack may be initiated remotely. Neither technical details nor an exploit are publicly available.
The vulnerability scanner Nessus provides a plugin with the ID 56064 (Oracle Database, April 2009 Critical Patch Update), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Databases, runs in the local context and relies on port 1521.
Applying a patch eliminates this problem. The bugfix is ready for download at metalink.oracle.com. A possible mitigation was published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (53727), Secunia (SA34693), SecurityFocus (BID 34461) and SecurityTracker (ID 1022052).
CVSS
Base Score: 4.6 (CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P)
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Network | High | Single | Partial | Partial | Partial |
Exploiting
Local: No
Remote: Yes
Availability: No
Nessus ID: 56064
Nessus Name: Oracle Database, April 2009 Critical Patch Update
Nessus Family: Databases
Nessus Context: local
Nessus Port: 1521
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Patch: metalink.oracle.com
Timeline
03/19/2009 | CVE assigned
04/15/2009 | Advisory disclosed
04/15/2009 | Countermeasure disclosed
04/15/2009 | OSVDB entry created
04/17/2009 | VulDB entry created
11/16/2011 | Nessus plugin released
09/03/2012 | VulDB entry updated
Sources
Company: Oracle
Confirmation: oracle.com
OSVDB: 53727
CVE: CVE-2009-0972 (mitre.org) (nist.org) (cvedetails.com)
Secunia: 34693
SecurityFocus: 34461
SecurityTracker: 1022052