OCaml CVE-2015-8869 Multiple Security Vulnerabilities



OCaml is prone to the following vulnerabilities:

1. A buffer-overflow vulnerability
2. A information disclosure vulnerability

Successfully exploiting these issues may allow an attacker to execute arbitrary code and may allow an attacker to gain access to sensitive information. Failed attacks may cause a denial of service condition. This may aid in launching further attacks.

OCaml versions 4.02.3 and prior are vulnerable.

Information

Bugtraq ID: 89318
Class: Input Validation Error
CVE: CVE-2015-8869

Remote: Yes
Local: No
Published: May 29 2016 12:00AM
Updated: Oct 04 2017 01:01PM
Credit: Pascal Cuoq.
Vulnerable: Ubuntu Ubuntu Linux 14.04 LTS
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 6
Oracle Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
OCaml OCaml 3.12.1
OCaml OCaml 4.02.3
Gentoo Linux


Not Vulnerable: OCaml OCaml 4.03.0


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts