#VU1043 Denial of service in Oracle products - CVE-2016-2848
Published: October 20, 2016 / Updated: January 11, 2017
Vulnerability identifier: #VU1043
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-2848
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ISC BIND
Oracle VM Server for x86
Oracle Linux
ISC BIND
Oracle VM Server for x86
Oracle Linux
Software vendor:
ISC
Oracle
ISC
Oracle
Description
The vulnerability allows a remote unauthenticated user to perform DoS attack on the targete system.
The weakness is due to insuffcient handling of options data in an OPT resource record. By sending a specially crafted DNS packet, attackers can trigger the named service to crash.
Successful exploitation of the vulnerability leads to denial of service on the vulnarable system.
The weakness is due to insuffcient handling of options data in an OPT resource record. By sending a specially crafted DNS packet, attackers can trigger the named service to crash.
Successful exploitation of the vulnerability leads to denial of service on the vulnarable system.
Remediation
Update to version 9.9.9-P3, 9.10.4-P3 or 9.11.0.