CVE-2009-1019

Oracle Database Server <=11.1.0.7 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1019. PoCs published by Dennis Yurichev.

AI-analyzed exploit summary This PoC exploits CVE-2009-1019, a remote vulnerability in Oracle Database's Network Authentication. It sends crafted TNS commands over the Oracle Net protocol to trigger the vulnerability, potentially leading to unauthorized access or denial of service.

Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dennis Yurichev · c++remotemultiple

https://www.exploit-db.com/exploits/33081

View Code ZIP pw:eip

This PoC exploits CVE-2009-1019, a remote vulnerability in Oracle Database's Network Authentication. It sends crafted TNS commands over the Oracle Net protocol to trigger the vulnerability, potentially leading to unauthorized access or denial of service.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database (9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.7)

No auth needed

Prerequisites: Network access to the target Oracle Database server on port 1521

MITRE ATT&CK