#VU719 Denial of service in Oracle Linux and macOS


| Updated: 2017-01-12

Vulnerability identifier: #VU719

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-0778

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Oracle Linux
Operating systems & Components / Operating system
macOS
Operating systems & Components / Operating system

Vendor: Oracle
Apple Inc.

Description
The vulnerability allows a remote user to cause denial of service conditions on the target system.
The weakness is due to insufficient access control that allows attackers to cause the service deny.
Successful exploitation of the vulnerability leads to denial of service on the vulnerable system.

Vulnerable software versions

Oracle Linux: 7

macOS: 10.11 - 10.11.3

External links
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://support.apple.com/cs-cz/HT206167

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM XIV Gen2
Multiple vulnerabilities in IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru Firmware and QLogic Virtual Fabric Extension Module for IBM BladeCenter
Multiple vulnerabilities in IBM XIV Gen3
Amazon Linux AMI update for openssh
Gentoo update for OpenSSH
Debian update for openssh
Slackware Linux update for openssh
OpenSUSE Linux update for openssh
OpenSUSE Linux update for openssh
Denial of service in openssh (Alpine package)