The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun JRE

computer vulnerability alert CVE-2007-0243

Java SDK/JRE/JDK: memory corruption via a GIF image

Synthesis of the vulnerability

An attacker can create a Java applet that loads a specially crafted GIF image in order to execute code on the victim's computer.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES, TurboLinux.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 17/01/2007.
Revision date: 22/01/2007.
Identifiers: 102686, 102760, 6445518, 6466389, 6469538, BID-22085, c00876579, CERTA-2007-AVI-033, CVE-2007-0243, HPSBUX02196, RHSA-2007:0166-01, RHSA-2007:0167-01, RHSA-2007:0956-01, RHSA-2008:0261-01, RHSA-2008:0524-01, SSRT07138, SUSE-SA:2007:045, TLSA-2007-8, VIGILANCE-VUL-6476, VU#388289, ZDI-07-005.

Description of the vulnerability

A GIF image is composed of several blocks, each one supporting up to 256 colors. A GIF image can thus contain 400 colors by splitting the image into two parts. Most software supports only one block, and therefore 256 colors, because compressing several independent blocks produces larger files than other image formats.

When an image contains two blocks, the JRE/JDK/SDK allocates the memory size indicated by the second block, but copies data from the first. If the size of the second block is, for example, zero, memory is thus corrupted.

An attacker can therefore create a Java applet that loads a specially crafted GIF image in order to execute code on the victim's computer.

computer vulnerability announce CVE-2006-6731

JRE, JDK, SDK: two overflows

Synthesis of the vulnerability

Two overflows permit a malicious applet to execute code on the user's computer.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/12/2006.
Revision date: 11/01/2007.
Identifiers: 102686, 102729, 102731, 6363511, 6363512, 6387628, 6393286, 6466389, 6469538, BID-21675, c00876579, CERTA-2006-AVI-570, CERTA-2007-AVI-121, CESA-2005-008, CVE-2006-6731, HPSBUX02196, RHSA-2007:0062-02, RHSA-2007:0072-01, RHSA-2007:0073-01, SSRT07138, SUSE-SA:2007:003, SUSE-SA:2007:010, VIGILANCE-VUL-6417, VU#149457, VU#939609.

Description of the vulnerability

The JRE environment contains several errors.

An attacker can call the filter() method of java.awt.image.ConvolveOp in order to generate an integer overflow during the allocation of the buffer that stores an image. [severity:3/4]

An attacker can call the filter() method of java.awt.image.ConvolveOp in order to generate a buffer overflow during the copy of an array. [severity:3/4]

Several missing negative value checks may also be exploited. [severity:3/4]

The two overflows permit a malicious applet to execute code on the user's computer.

computer vulnerability note CVE-2006-6736 CVE-2006-6737

JRE, JDK, SDK: access to data of other applets

Synthesis of the vulnerability

A malicious applet can access the data of other applets via two vulnerabilities.
Impacted products: NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/12/2006.
Identifiers: 102732, 6332750, 6378197, BID-21674, CVE-2006-6736, CVE-2006-6737, RHSA-2007:0062-02, RHSA-2007:0072-01, RHSA-2007:0073-01, SUSE-SA:2007:003, SUSE-SA:2007:010, SUSE-SA:2007:045, VIGILANCE-VUL-6419.

Description of the vulnerability

Two independent vulnerabilities permit a malicious applet to access the data of other applets.

computer vulnerability alert CVE-2006-6745

JRE, JDK, SDK: privilege elevation via serialization

Synthesis of the vulnerability

A malicious applet can elevate its privileges via two serialization vulnerabilities.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 20/12/2006.
Identifiers: 102686, 102729, 102731, 6363511, 6363512, 6387628, 6393286, 6466389, 6469538, BID-21673, c00876579, CVE-2006-6745, HPSBUX02196, RHSA-2007:0062-02, RHSA-2007:0073-01, SSRT07138, SUSE-SA:2007:003, SUSE-SA:2007:010, SUSE-SA:2007:045, VIGILANCE-VUL-6416, VU#102289.

Description of the vulnerability

The Java Serialization API provides methods to convert an object to a block of bytes.

It contains two independent vulnerabilities, permitting a malicious applet or application to elevate its privileges.

vulnerability announce CVE-2006-6009

JDK, JRE: access to data of other applets

Synthesis of the vulnerability

A malicious Java applet can access the data of other applets.
Impacted products: Java Oracle.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 15/11/2006.
Identifiers: 102622, 102648, 6378707, 6466389, 6469538, BID-21077, CVE-2006-6009, VIGILANCE-VUL-6322.

Description of the vulnerability

A malicious Java applet can access the data of other applets, because of a vulnerability in javax.swing.

vulnerability CVE-2006-4339 CVE-2006-4340 CVE-2006-4790

OpenSSL / GnuTLS / NSS: bypassing a PKCS#1 signature check

Synthesis of the vulnerability

An attacker can create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.
Impacted products: CiscoWorks, Cisco CSS, Cisco IPS, Cisco Prime Central for HCS, Secure ACS, WebNS, Debian, Fedora, FreeBSD, Tru64 UNIX, HP-UX, BIND, Mandriva Linux, Mandriva NF, NetBSD, OpenSSL, openSUSE, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Solaris, Trusted Solaris, RHEL, Slackware, Sun AS, Sun Messaging, ASE, InterScan VirusWall, TurboLinux.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/09/2006.
Revision dates: 07/09/2006, 14/09/2006, 15/09/2006.
Identifiers: 102622, 102648, 102686, 102696, 102722, 102744, 102759, 102781, 102970, 10332, 20060901-01-P, 200708, 201255, 6378707, 6466389, 6467218, 6469236, 6469538, 6472033, 6473089, 6473494, 6488248, 6499438, 6567841, 6568090, BID-19849, c00794048, c00849540, c00967144, cisco-sr-20061108-openssl, CSCek57074, CSCsg09619, CSCsg24311, CSCsg58599, CSCsg58607, CSCtx20378, CVE-2006-4339, CVE-2006-4340, CVE-2006-4790, DSA-1173-1, DSA-1174-1, DSA-1182-1, emr_na-c01070495-1, FEDORA-2006-953, FEDORA-2006-974, FEDORA-2006-979, FreeBSD-SA-06:19.openssl, HPSBTU02207, HPSBUX02165, HPSBUX02186, HPSBUX02219, MDKSA-2006:161, MDKSA-2006:166, MDKSA-2006:207, NetBSD-SA2006-023, RHSA-2006:0661, RHSA-2006:0680-01, RHSA-2008:0264-01, RHSA-2008:0525-01, RT #16460, secadv_20060905, SSA:2006-310-01, SSRT061213, SSRT061239, SSRT061266, SSRT061273, SSRT071299, SSRT071304, SUSE-SA:2006:055, SUSE-SA:2006:061, SUSE-SR:2006:023, SUSE-SR:2006:026, TLSA-2006-29, VIGILANCE-VUL-6140, VU#845620.

Description of the vulnerability

The RSA Algorithm uses the following principle:
  Cipher = Message^e (mod n)
  Cipher^d (mod n) = Message
With:
 - n is the product of two big prime numbers
 - e is the public exponent, generally 3, 17 or 65537

The PKCS #1 standard defines the features and usage of the RSA algorithm.

The crypto/rsa/rsa_sign.c file contains the RSA_verify() function. This function does not correctly handle long paddings. When the public exponent is small (3, or 17 if the modulus uses 4096 bits), this error leads to the validation of invalid signatures.

This vulnerability permits an attacker to create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.

vulnerability alert CVE-2006-4302

Java Plug-in, Java Web Start: forcing version to use

Synthesis of the vulnerability

An attacker can force Java Plug-in or Java Web Start to use an old version of the JRE, even if a more recent version is available on the user's computer.
Impacted products: Java Oracle, Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 23/08/2006.
Identifiers: 102557, 6281384, CVE-2006-4302, VIGILANCE-VUL-6111.

Description of the vulnerability

An attacker can force Java Plug-in or Java Web Start to use an old version of the JRE, even if a more recent version is available on the user's computer.

A malicious applet can therefore request to be executed on a vulnerable version.

vulnerability note CVE-2006-0613

Java Web Start: privilege elevation

Synthesis of the vulnerability

A Java applet can bypass security restrictions set up by the Java Web Start environment.
Impacted products: Java Oracle.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 16/02/2006.
Identifiers: 102170, 6339699, CERTA-2006-AVI-084, CERTA-2006-AVI-162, CVE-2006-0613, VIGILANCE-VUL-5624, VU#652636.

Description of the vulnerability

The Java Web Start technology is used to download a Java application/applet, to install it and to use it.

An application/applet can elevate its privileges. For example it can grant itself permissions to read and write local files.

This vulnerability may permit an attacker to run code on the computer.

computer vulnerability CVE-2006-0614 CVE-2006-0615 CVE-2006-0616

JRE, JDK, SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in the Java environment permit an applet to elevate its privileges.
Impacted products: WebSphere AS Traditional, Java Oracle, TurboLinux.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/02/2006.
Identifiers: 102171, 6343342, CVE-2006-0614, CVE-2006-0615, CVE-2006-0616, CVE-2006-0617, PK19792, PK19794, PK19795, TLSA-2006-4, VIGILANCE-VUL-5595, VU#759996.

Description of the vulnerability

The Java environments (JRE, JDK, SDK) can use the reflection API in order to create development tools such as debuggers, class browsers, etc.

Seven vulnerabilities related to "reflection API" permit a Java applet to read or write local files, or to run programs.

computer vulnerability alert CVE-2005-3904 CVE-2005-3905 CVE-2005-3906

JRE, JDK, SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities in the Java environment permit an applet to elevate its privileges.
Impacted products: WebSphere AS Traditional, Windows (platform) ~ not comprehensive, openSUSE, Java Oracle, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 29/11/2005.
Revision date: 19/01/2006.
Identifiers: 102003, 102017, 102050, 1225628, 6243400, 6263857, 6268876, 6277266, 6277659, BID-15615, CERTA-2005-AVI-474, CVE-2005-3904, CVE-2005-3905, CVE-2005-3906, CVE-2005-3907, SUSE-SR:2006:001, swg21225628, VIGILANCE-VUL-5376, VU#355284, VU#931684, VU#974188.

Description of the vulnerability

The Java environments (JRE, JDK, SDK) contain 5 vulnerabilities.

Three vulnerabilities related to "reflection API" permit a Java applet to read or write local files, or to run programs (versions 1.3, 1.4 and 5).

One vulnerability related to JMX (Java Management Extensions) permits a Java applet to read or write local files, or to run programs (version 5).

One unknown vulnerability permits a Java applet to read or write local files, or to run programs (version 5).