The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun JRE

computer vulnerability CVE-2007-2435

Java Web Start: privilege elevation via JNLP

Synthesis of the vulnerability

A malicious applet can access local files on the victim's computer via Java Web Start.
Impacted products: Java Oracle, RHEL.
Severity: 3/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Creation date: 02/05/2007.
Identifiers: 102881, 6461918, BID-23728, CERTA-2007-AVI-238, CERTA-2007-AVI-348, CVE-2007-2435, RHSA-2007:0817-01, RHSA-2007:0818-01, RHSA-2007:0829-01, RHSA-2008:0261-01, RHSA-2008:0524-01, VIGILANCE-VUL-6775.

Description of the vulnerability

The JNLP protocol (Java Network Launching Protocol) makes it possible to launch remote applets without installing them.

A vulnerability was announced in JNLP, provided by Java Web Start. It permits a malicious applet to grant itself permissions to read or write files located on the victim's computer.

vulnerability bulletin 6633

JDK: information disclosure via JMX RMI-IIOP

Synthesis of the vulnerability

A local attacker can access information belonging to users of a JMX RMI-IIOP application.
Impacted products: Java Oracle, Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 12/03/2007.
Identifiers: 102835, 4984695, BID-22907, VIGILANCE-VUL-6633.

Description of the vulnerability

The JMX RMI-IIOP API (Java Management eXtensions, Remote Method Invocation over Internet Inter-ORB Protocol) is provided by the Java Dynamic Management Kit.

When code has permission to create a JMX RMI-IIOP connector but is not allowed to access some MBeans, it can bypass this restriction.

computer vulnerability alert CVE-2007-0243

Java SDK/JRE/JDK: memory corruption via a GIF image

Synthesis of the vulnerability

An attacker can create a Java applet that loads a specially crafted GIF image in order to execute code on the victim's computer.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES, TurboLinux.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 17/01/2007.
Revision date: 22/01/2007.
Identifiers: 102686, 102760, 6445518, 6466389, 6469538, BID-22085, c00876579, CERTA-2007-AVI-033, CVE-2007-0243, HPSBUX02196, RHSA-2007:0166-01, RHSA-2007:0167-01, RHSA-2007:0956-01, RHSA-2008:0261-01, RHSA-2008:0524-01, SSRT07138, SUSE-SA:2007:045, TLSA-2007-8, VIGILANCE-VUL-6476, VU#388289, ZDI-07-005.

Description of the vulnerability

A GIF image is composed of several blocks, each one supporting up to 256 colors. A GIF image can thus contain 400 colors by splitting the image into two parts. Most software supports only one block, and therefore 256 colors, because compressing several independent blocks produces larger files than other image formats.

When an image contains two blocks, the JRE/JDK/SDK allocates memory of the size indicated by the second block, but copies data from the first. If the size of the second block is, for example, zero, memory is corrupted.

An attacker can therefore create a Java applet that loads a specially crafted GIF image in order to execute code on the victim's computer.

computer vulnerability announce CVE-2006-6731

JRE, JDK, SDK: two overflows

Synthesis of the vulnerability

Two overflows permit a malicious applet to execute code on the user's computer.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/12/2006.
Revision date: 11/01/2007.
Identifiers: 102686, 102729, 102731, 6363511, 6363512, 6387628, 6393286, 6466389, 6469538, BID-21675, c00876579, CERTA-2006-AVI-570, CERTA-2007-AVI-121, CESA-2005-008, CVE-2006-6731, HPSBUX02196, RHSA-2007:0062-02, RHSA-2007:0072-01, RHSA-2007:0073-01, SSRT07138, SUSE-SA:2007:003, SUSE-SA:2007:010, VIGILANCE-VUL-6417, VU#149457, VU#939609.

Description of the vulnerability

The JRE contains several errors.

An attacker can call the filter() method of java.awt.image.ConvolveOp in order to trigger an integer overflow during the allocation of the buffer that stores an image. [severity:3/4]

An attacker can call the filter() method of java.awt.image.ConvolveOp in order to trigger a buffer overflow during the copy of an array. [severity:3/4]

Several missing checks for negative values may also be exploited. [severity:3/4]

The two overflows permit a malicious applet to execute code on the user's computer.

computer vulnerability note CVE-2006-6736 CVE-2006-6737

JRE, JDK, SDK: access to data of other applets

Synthesis of the vulnerability

A malicious applet can access data of other applets via two vulnerabilities.
Impacted products: NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 20/12/2006.
Identifiers: 102732, 6332750, 6378197, BID-21674, CVE-2006-6736, CVE-2006-6737, RHSA-2007:0062-02, RHSA-2007:0072-01, RHSA-2007:0073-01, SUSE-SA:2007:003, SUSE-SA:2007:010, SUSE-SA:2007:045, VIGILANCE-VUL-6419.

Description of the vulnerability

Two independent vulnerabilities permit a malicious applet to access data of other applets.

computer vulnerability alert CVE-2006-6745

JRE, JDK, SDK: privilege elevation via serialization

Synthesis of the vulnerability

A malicious applet can elevate its privileges via two serialization vulnerabilities.
Impacted products: HP-UX, NLD, OES, openSUSE, Java Oracle, RHEL, SLES.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: document.
Creation date: 20/12/2006.
Identifiers: 102686, 102729, 102731, 6363511, 6363512, 6387628, 6393286, 6466389, 6469538, BID-21673, c00876579, CVE-2006-6745, HPSBUX02196, RHSA-2007:0062-02, RHSA-2007:0073-01, SSRT07138, SUSE-SA:2007:003, SUSE-SA:2007:010, SUSE-SA:2007:045, VIGILANCE-VUL-6416, VU#102289.

Description of the vulnerability

The Java Serialization API provides methods to convert an object to a block of bytes.

It contains two independent vulnerabilities, permitting a malicious applet or application to elevate its privileges.

vulnerability announce CVE-2006-6009

JDK, JRE: access to data of other applets

Synthesis of the vulnerability

A malicious Java applet can access data of other applets.
Impacted products: Java Oracle.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 15/11/2006.
Identifiers: 102622, 102648, 6378707, 6466389, 6469538, BID-21077, CVE-2006-6009, VIGILANCE-VUL-6322.

Description of the vulnerability

A malicious Java applet can access data of other applets, because of a vulnerability in javax.swing.

vulnerability CVE-2006-4339 CVE-2006-4340 CVE-2006-4790

OpenSSL / GnuTLS / NSS: bypassing a PKCS#1 signature check

Synthesis of the vulnerability

An attacker can create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.
Impacted products: CiscoWorks, Cisco CSS, Cisco IPS, Cisco Prime Central for HCS, Secure ACS, WebNS, Debian, Fedora, FreeBSD, Tru64 UNIX, HP-UX, BIND, Mandriva Linux, Mandriva NF, NetBSD, OpenSSL, openSUSE, Oracle Directory Server, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Java Oracle, Solaris, Trusted Solaris, RHEL, Slackware, Sun AS, Sun Messaging, ASE, InterScan VirusWall, TurboLinux.
Severity: 2/4.
Consequences: data flow.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 05/09/2006.
Revision dates: 07/09/2006, 14/09/2006, 15/09/2006.
Identifiers: 102622, 102648, 102686, 102696, 102722, 102744, 102759, 102781, 102970, 10332, 20060901-01-P, 200708, 201255, 6378707, 6466389, 6467218, 6469236, 6469538, 6472033, 6473089, 6473494, 6488248, 6499438, 6567841, 6568090, BID-19849, c00794048, c00849540, c00967144, cisco-sr-20061108-openssl, CSCek57074, CSCsg09619, CSCsg24311, CSCsg58599, CSCsg58607, CSCtx20378, CVE-2006-4339, CVE-2006-4340, CVE-2006-4790, DSA-1173-1, DSA-1174-1, DSA-1182-1, emr_na-c01070495-1, FEDORA-2006-953, FEDORA-2006-974, FEDORA-2006-979, FreeBSD-SA-06:19.openssl, HPSBTU02207, HPSBUX02165, HPSBUX02186, HPSBUX02219, MDKSA-2006:161, MDKSA-2006:166, MDKSA-2006:207, NetBSD-SA2006-023, RHSA-2006:0661, RHSA-2006:0680-01, RHSA-2008:0264-01, RHSA-2008:0525-01, RT #16460, secadv_20060905, SSA:2006-310-01, SSRT061213, SSRT061239, SSRT061266, SSRT061273, SSRT071299, SSRT071304, SUSE-SA:2006:055, SUSE-SA:2006:061, SUSE-SR:2006:023, SUSE-SR:2006:026, TLSA-2006-29, VIGILANCE-VUL-6140, VU#845620.

Description of the vulnerability

The RSA algorithm uses the following principle:
  Cipher = Message^e (mod n)
  Cipher^d (mod n) = Message
Where:
 - n is the product of two big prime numbers
 - e is the public exponent, generally 3, 17 or 65537

The PKCS #1 standard defines the features and usage of the RSA algorithm.

The crypto/rsa/rsa_sign.c file contains the RSA_verify() function. This function does not correctly handle long paddings. When the public exponent is small (3, or 17 if the modulus uses 4096 bits), this error leads to the validation of invalid signatures.

This vulnerability permits an attacker to create a malicious PKCS #1 signature which will be accepted as valid by OpenSSL, GnuTLS or NSS.

vulnerability alert CVE-2006-4302

Java Plug-in, Java Web Start: forcing version to use

Synthesis of the vulnerability

An attacker can force Java Plug-in or Java Web Start to use an old version of the JRE, even if a more recent version is available on the user's computer.
Impacted products: Java Oracle, Solaris, Trusted Solaris.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 23/08/2006.
Identifiers: 102557, 6281384, CVE-2006-4302, VIGILANCE-VUL-6111.

Description of the vulnerability

An attacker can force Java Plug-in or Java Web Start to use an old version of the JRE, even if a more recent version is available on the user's computer.

A malicious applet can therefore request to be executed on a vulnerable version.

vulnerability note CVE-2006-0613

Java Web Start: privilege elevation

Synthesis of the vulnerability

A Java applet can bypass security restrictions set up by the Java Web Start environment.
Impacted products: Java Oracle.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Creation date: 16/02/2006.
Identifiers: 102170, 6339699, CERTA-2006-AVI-084, CERTA-2006-AVI-162, CVE-2006-0613, VIGILANCE-VUL-5624, VU#652636.

Description of the vulnerability

The Java Web Start technology is used to download a Java application/applet, install it and use it.

An application/applet can elevate its privileges. For example, it can grant itself permissions to read and write local files.

This vulnerability may permit an attacker to run code on the computer.