CVE-2009-1979

Oracle Database <10.2.0.4 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2009-1979. PoCs published by Metasploit, Dennis Yurichev, jduck, including Metasploit module exploits/windows/oracle/tns_auth_sesskey.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Oracle 10gR2 TNS Listener via a malformed AUTH_SESSKEY value. It achieves remote code execution by leveraging SEH overwrites and precise payload delivery.

Description

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16342

This is a Metasploit module exploiting a stack buffer overflow in Oracle 10gR2 TNS Listener via a malformed AUTH_SESSKEY value. It achieves remote code execution by leveraging SEH overwrites and precise payload delivery.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle 10gR2 TNS Listener (10.2.0.1.0, 10.2.0.4.0)
No auth needed
Prerequisites: Network access to Oracle TNS Listener (port 1521) · Vulnerable Oracle version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Dennis Yurichev · c++remotewindows
https://www.exploit-db.com/exploits/9905

This exploit targets CVE-2009-1979, a vulnerability in Oracle TNS Listener. It crafts malicious TNS packets to trigger a buffer overflow, potentially leading to remote code execution. The code includes network communication functions to interact with the vulnerable service.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle TNS Listener (version not specified)
No auth needed
Prerequisites: Network access to the target Oracle TNS Listener on port 1521
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
by jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/oracle/tns_auth_sesskey.rb

This Metasploit module exploits a stack buffer overflow in Oracle 10gR2 TNS Listener via a maliciously crafted AUTH_SESSKEY value, leading to arbitrary code execution. It includes SEH-based exploitation and automatic target detection for specific Oracle versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle 10gR2 TNS Listener (10.2.0.1.0, 10.2.0.4.0)
No auth needed
Prerequisites: Network access to TNS Listener (port 1521) · Vulnerable Oracle version
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Various Sources x_refsource_misc
http://blogs.conus.info/node/28
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507598/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37027
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1023057
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-294A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36747
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/59110

Scores

EPSS 0.8575
EPSS Percentile 99.4%

Details

Status published
Products (2)
oracle/database_server 10.1.0.5
oracle/database_server 10.2.0.4
Published Oct 22, 2009
Tracked Since Feb 18, 2026