Oracle Java Remote DNS Poisoning via Port Exhausion

Aleph Research Advisory

Identifier

CVE-2010-4448

Severity

High

Product

Oracle Java

Vulnerable Version

Oracle Java before version 1.6u29

Mitigation

Upgrade to Oracle Java 1.6u29.

Technical Details

In Java, it is possible to create low-level system UDP sockets using the java.net.Socket API. These sockets can be bound on arbitrary ports. Furthermore, by using the Java Applet API, attackers can create Java code which is triggered upon visiting their web-page. This, together with the fact that Java fails to restrict the number of concurrent sockets, enables attackers to conduct a DNS poisoning attack on the visiting machine using the port exhaustion technique mentioned in the paper.

Timeline

01-Mar-17
: Added as ALEPH-2010000.
18-Oct-11
: Public disclosure.

Credit

Roee Hay (@roeehay) of Aleph Research, HCL Technologies
Yair Amit (@yairamit)

External References

Paper: DNS Poisoning via Port Exhaustion