CVE-2009-1979 PoC (CPUoct2009) | blogs.conus.info

Syndicate

Recent comments

LoL
4 weeks 2 days ago
Any way to tell XE as distinct from a normal 10.2.0.1
5 weeks 6 days ago
and what is the ratio of
5 weeks 6 days ago
Safeguarding against modified binaries
6 weeks 2 days ago
o.O
7 weeks 6 hours ago
strings and sed are tools for
7 weeks 1 day ago
Didn't work on 11.1.0.7.2 on
7 weeks 2 days ago
Incorrect passwords doesn't
7 weeks 3 days ago
Another potential hole to open
7 weeks 3 days ago
I'm not familiar with unix
8 weeks 2 days ago

User login

Oracle RDBMS internals and security related websites (in ABC order):

Miladin Modrakovic
oraclue
Pete Finnigan
Tanel Poder
Yong Huang

CVE-2009-1979 PoC (CPUoct2009)

Fri, 10/30/2009 - 13:23 — dennis

This vulnerability was ranked 10.0 (for Windows) in CPUoct2009 and related to improper AUTH_SESSKEY parameter length validation.

(Executable + source code)

Comments

Thu, 11/19/2009 - 23:37 — Anonymous

tested it

I tried this example, but I don't see the overflow.
Did you only overwrite a few bytes in the example or?

reply