The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Sun Java

computer vulnerability CVE-2009-2625

Apache Xerces2 Java, Java JRE/JDK, OpenJDK: memory corruption via XML

Synthesis of the vulnerability

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in Apache Xerces2 Java, Java JRE/JDK or OpenJDK.
Impacted products: Xerces Java, Debian, HP-UX, Mandriva Linux, Java OpenJDK, openSUSE, Oracle GlassFish Server, Java Oracle, RHEL, JBoss EAP by Red Hat, Slackware, Sun AS, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/08/2009.
Revision date: 09/12/2009.
Identifiers: 272209, 6870754, BID-35958, CVE-2009-2625, DSA-1984-1, FICORA #245608, HPSBUX02476, MDVSA-2011:108, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1505-01, RHSA-2009:1582-01, RHSA-2009:1615-01, RHSA-2011:0858-01, RHSA-2012:0725-01, RHSA-2012:1232-01, RHSA-2012:1537-01, RHSA-2013:0763-01, SSA:2011-041-02, SSRT090250, SUSE-SR:2009:014, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:011, SUSE-SR:2010:013, SUSE-SR:2010:014, SUSE-SR:2010:015, VIGILANCE-VUL-8925.

Description of the vulnerability

The Apache Xerces2 Java, Java JRE/JDK and OpenJDK products manage XML data. They share the same vulnerability.

An attacker can create XML data containing a malicious byte which corrupts the memory, in order to create a denial of service or to execute code in these products.

computer vulnerability alert CVE-2009-3728 CVE-2009-3729 CVE-2009-3864

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HPE NNMi, HP-UX, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, vCenter Server, VirtualCenter.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 04/11/2009.
Revision date: 12/11/2009.
Identifiers: 269868, 269869, 269870, 270474, 270475, 270476, 6631533, 6636650, 6657026, 6657138, 6664512, 6815780, 6822057, 6824265, 6854303, 6862968, 6862969, 6862970, 6863503, 6864911, 6869694, 6869752, 6870531, 6872357, 6872358, 6872824, 6874643, BID-36881, c01997760, c03005726, c03405642, CERTA-2011-AVI-523, CERTA-2011-AVI-651, CERTA-2012-AVI-395, CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, FEDORA-2009-11486, FEDORA-2009-11490, HPSBMU02703, HPSBMU02799, HPSBUX02503, MDVSA-2010:084, RHSA-2009:1560-01, RHSA-2009:1571-01, RHSA-2009:1584-01, RHSA-2009:1643-01, RHSA-2009:1647-01, RHSA-2009:1662-01, RHSA-2009:1694-01, RHSA-2010:0043-01, RHSA-2010:0408-01, SSRT100019, SSRT100242, SSRT100867, SUSE-SA:2009:058, SUSE-SA:2010:002, SUSE-SA:2010:003, SUSE-SA:2010:004, VIGILANCE-VUL-9156, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3, ZDI-09-076, ZDI-09-077, ZDI-09-078, ZDI-09-079, ZDI-09-080.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK.

The Java Update mechanism on non-English versions does not update the JRE when a new version is available. [severity:1/4; 269868, 6869694, BID-36881, CVE-2009-3864]

A command execution vulnerability in the Java Runtime Environment Deployment Toolkit can be used in order to execute arbitrary code. [severity:3/4; 269869, 6869752, BID-36881, CVE-2009-3865]

A vulnerability in the Java Web Start Installer may be leveraged to allow untrusted Java Web Start Application to run as a trusted application. [severity:3/4; 269870, 6869752, 6872824, BID-36881, CVE-2009-3866, ZDI-09-077]

Multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment with processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. [severity:3/4; 270474, 6854303, 6862968, 6862969, 6862970, 6872357, 6872358, 6874643, BID-36881, CERTA-2011-AVI-523, CERTA-2011-AVI-651, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, ZDI-09-076, ZDI-09-078, ZDI-09-079, ZDI-09-080]

A security vulnerability in the Java Runtime Environment with verifying HMAC digests may allow authentication to be bypassed. [severity:3/4; 270475, 6863503, BID-36881, CVE-2009-3875]

A vulnerability in the Java Runtime Environment with decoding DER encoded data may allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition. [severity:3/4; 270476, 6864911, BID-36881, CVE-2009-3876]

A vulnerability in the Java Runtime Environment with parsing HTTP headers may allow a remote client to cause the JRE on the server to run out of memory, resulting in a DoS (Denial of Service) condition. [severity:3/4; 270476, 6864911, BID-36881, CVE-2009-3877]

An attacker can use the ICC_Profile.getInstance() method to detect if a file is present. [severity:1/4; 6631533, CVE-2009-3728]

An attacker can use a TrueType font, in order to generate a denial of service. [severity:1/4; 6815780, CVE-2009-3729]

An attacker can use a vulnerability of X11 and Win32GraphicsDevice. [severity:2/4; 6822057, CVE-2009-3879]

An attacker can use Component, KeyboardFocusManager and DefaultKeyboardFocusManager of AWT (Abstract Window Toolkit), in order to obtain sensitive data. [severity:2/4; 6664512, CVE-2009-3880]

An attacker can obtain information via ClassLoader. [severity:3/4; 6636650, CVE-2009-3881]

An attacker can obtain information via Swing. [severity:2/4; 6657026, CVE-2009-3882]

An attacker can obtain information via Windows Pluggable Look and Feel. [severity:2/4; 6657138, CVE-2009-3883]

An attacker can use the TimeZone.getTimeZone() method to detect if a file exists. [severity:2/4; 6824265, CVE-2009-3884]

An attacker can use a vulnerability of a signed JAR. [severity:2/4; 6870531, CVE-2009-3886]

computer vulnerability alert CVE-2009-0217 CVE-2009-0901 CVE-2009-1896

Java JRE/JDK/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Java JRE/JDK/SDK can be used by a malicious applet/application in order to execute code or to obtain information. A legitimate applet/application, handling malicious data, can also be forced to execute code.
Impacted products: Fedora, HP-UX, Mandriva Linux, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 05/08/2009.
Revision date: 07/08/2009.
Identifiers: 263408, 263409, 263428, 263429, 263488, 263489, 263490, 264648, 6406003, 6429594, 6444262, 6446522, 6738524, 6755840, 6782979, 6801071, 6801497, 6805231, 6818787, 6823373, 6824440, 6830335, 6845701, 6848964, 6849518, 6862844, BID-35671, BID-35828, BID-35830, BID-35832, BID-35922, BID-35939, BID-35942, BID-35943, BID-35944, BID-35945, BID-35946, BID-35958, CERTA-2009-AVI-279, CERTA-2009-AVI-300, CERTA-2009-AVI-312, CERTA-2009-AVI-365, CERTA-2009-AVI-435, CERTA-2009-AVI-440, CERTA-2009-AVI-452, CERTA-2009-AVI-516, CERTA-2009-AVI-538, CERTA-2010-AVI-083, CERTA-2010-AVI-253, CVE-2009-0217, CVE-2009-0901, CVE-2009-1896, CVE-2009-2475, CVE-2009-2476, CVE-2009-2493, CVE-2009-2495, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-2689, CVE-2009-2690, CVE-2009-2716, CVE-2009-2717, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724, FEDORA-2009-8329, FEDORA-2009-8337, HPSBUX02476, MDVSA-2009:209, RHSA-2009:1199-01, RHSA-2009:1200-01, RHSA-2009:1201-01, RHSA-2009:1236-01, RHSA-2009:1582-01, RHSA-2009:1662-01, RHSA-2010:0043-01, SSRT090250, SUSE-SA:2009:043, SUSE-SA:2009:053, SUSE-SR:2009:016, SUSE-SR:2009:017, SUSE-SR:2010:012, SUSE-SR:2010:015, VIGILANCE-VUL-8916, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3, VU#456745, VU#466161, ZDI-09-049, ZDI-09-050.

Description of the vulnerability

Several vulnerabilities were announced in Java JRE/JDK/SDK.

A vulnerability of the audio system can be used to access "java.lang.System" properties. [severity:1/4; 263408, 6738524, BID-35939, CERTA-2009-AVI-365, CVE-2009-2670]

When a SOCKS proxy is used, an applet/application can determine the name of the current user. [severity:2/4; 263409, 6801071, BID-35943, CVE-2009-2671]

When a proxy is used, an applet/application can read cookies. [severity:3/4; 263409, 6801071, BID-35943, CVE-2009-2672]

When a proxy is used, a malicious applet/application can connect to a server different than its origin server. [severity:2/4; 263409, 6801497, BID-35943, CVE-2009-2673]

When a malicious JPEG image is parsed by a Java applet/application, an integer overflow occurs, and leads to code execution. [severity:3/4; 263428, 6823373, BID-35942, CVE-2009-2674, ZDI-09-050]

The XMLDsig recommendation allows an attacker to bypass the signature of an XML document (VIGILANCE-VUL-8864). [severity:3/4; 263429, 6824440, BID-35671, CERTA-2009-AVI-279, CERTA-2009-AVI-452, CERTA-2010-AVI-253, CVE-2009-0217, VU#466161]

When a malicious Unpack200 archive is opened by the JAR utility in a Java applet/application, an integer overflow occurs, and leads to code execution. [severity:3/4; 263488, 6830335, BID-35944, CVE-2009-2675, ZDI-09-049]

An attacker can create malformed XML data, in order to corrupt the memory (VIGILANCE-VUL-8925). [severity:3/4; 263489, 6845701, BID-35958, CERTA-2009-AVI-312, CVE-2009-2625]

A malicious applet can use JNLPAppletLauncher to upload and execute another applet. [severity:3/4; 263490, 6782979, BID-35946, CVE-2009-2676]

The Java Web Start ActiveX uses a vulnerable version of the Active Template Library (VIGILANCE-VUL-8895). [severity:3/4; 264648, 6862844, BID-35828, BID-35830, BID-35832, BID-35945, CERTA-2009-AVI-300, CERTA-2009-AVI-435, CERTA-2009-AVI-440, CERTA-2009-AVI-516, CERTA-2009-AVI-538, CERTA-2010-AVI-083, CVE-2009-0901, CVE-2009-2493, CVE-2009-2495, VU#456745]

Some versions of WebStart execute unsigned code. [severity:3/4; CVE-2009-1896]

An attacker can use variables to obtain information. [severity:2/4; CVE-2009-2475]

An attacker can bypass access restrictions of OpenType. [severity:3/4; CVE-2009-2476]

An attacker can use JDK13Services to access some objects. [severity:2/4; CVE-2009-2689]

An attacker can obtain information on private variables. [severity:2/4; CVE-2009-2690]

Several minor vulnerabilities were also announced. [severity:2/4; 6406003, 6429594, 6444262, 6446522, 6755840, 6805231, 6818787, 6848964, 6849518, CVE-2009-2716, CVE-2009-2717, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724]

vulnerability note CVE-2009-0217

XML: bypassing signature

Synthesis of the vulnerability

The XMLDsig recommendation allows an attacker to bypass the signature of an XML document.
Impacted products: Apache XML Security for Java, Debian, Fedora, HP-UX, WebSphere AS Traditional, Mandriva Linux, .NET Framework, Windows 2000, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP, Java OpenJDK, Oracle GlassFish Server, Java Oracle, RHEL, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data creation/edition, data flow.
Provenance: document.
Creation date: 15/07/2009.
Identifiers: 269208, 47526, 6868619, 981343, BID-35671, CVE-2009-0217, DSA-1849-1, FEDORA-2009-8121, FEDORA-2009-8157, FEDORA-2009-8456, FEDORA-2009-8473, HPSBUX02476, MDVSA-2009:267, MDVSA-2009:268, MDVSA-2009:269, MDVSA-2009:318, MDVSA-2009:322, MS10-041, PK80596, PK80627, RHSA-2009:1428-01, SSRT090250, VIGILANCE-VUL-8864, VU#466161.

Description of the vulnerability

The W3C XMLDsig (XML Signature Syntax and Processing) recommendation indicates how to sign XML documents.

HMAC algorithms are used to sign a document, with a key and a hash algorithm.

The XMLDsig ds:HMACOutputLength parameter indicates the number of hash bits which are used on signed data. The recipient of the XML document thus only checks these first bits of the hash.

However, the specification does not define a minimum size. An attacker can therefore send a document signed with a ds:HMACOutputLength value of one, in order to force the recipient to check only one bit.

Several XMLDsig implementations follow the recommendation and do not impose a minimum. These implementations are thus vulnerable.
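The truncation check described above, as an added example that is not part of the bulletin or of any listed product: `verify_lenient` trusts whatever ds:HMACOutputLength the document carries, while `verify_strict` refuses lengths below a floor. The function names, the sample key and documents are constructed, and the floor (at least 80 bits and at least half the digest length) is an assumed policy taken from the rule adopted in the later revision of the XML Signature recommendation.

```python
import hashlib
import hmac

ABSOLUTE_FLOOR_BITS = 80  # assumed policy floor, see lead-in


def first_bits(data: bytes, nbits: int) -> bytes:
    """Return the leading nbits of data, zeroing unused bits of the last byte."""
    full, rem = divmod(nbits, 8)
    out = bytearray(data[:full])
    if rem:
        out.append(data[full] & ((0xFF << (8 - rem)) & 0xFF))
    return bytes(out)


def minimum_output_bits(digest_name: str) -> int:
    """Smallest HMACOutputLength the strict verifier accepts for this digest."""
    digest_bits = hashlib.new(digest_name).digest_size * 8
    return max(ABSOLUTE_FLOOR_BITS, digest_bits // 2)


def verify_lenient(key: bytes, signed_info: bytes, sig_value: bytes,
                   output_bits: int, digest_name: str = "sha1") -> bool:
    """Behaviour the bulletin describes: any sender-chosen length is honoured."""
    expected = hmac.new(key, signed_info, digest_name).digest()
    if not 0 < output_bits <= len(expected) * 8:
        return False
    if len(sig_value) < (output_bits + 7) // 8:
        return False
    return hmac.compare_digest(first_bits(expected, output_bits),
                               first_bits(sig_value, output_bits))


def verify_strict(key: bytes, signed_info: bytes, sig_value: bytes,
                  output_bits: int, digest_name: str = "sha1") -> bool:
    """Reject the signature outright when the declared length is too short."""
    digest_bits = hashlib.new(digest_name).digest_size * 8
    if not minimum_output_bits(digest_name) <= output_bits <= digest_bits:
        return False
    # The value must be exactly as long as the declared truncation.
    if len(sig_value) != (output_bits + 7) // 8:
        return False
    return verify_lenient(key, signed_info, sig_value, output_bits, digest_name)


# Constructed sample data.
KEY = b"constructed-shared-secret"
GENUINE = b"<SignedInfo>constructed original</SignedInfo>"
ALTERED = b"<SignedInfo>constructed altered content</SignedInfo>"


def one_bit_results(verifier) -> list:
    """Check both possible 1-bit values against a document the key never signed."""
    return [verifier(KEY, ALTERED, guess, 1) for guess in (b"\x00", b"\x80")]


if __name__ == "__main__":
    tag = hmac.new(KEY, GENUINE, "sha1").digest()
    print("lenient, 1-bit guesses:", one_bit_results(verify_lenient))
    print("strict,  1-bit guesses:", one_bit_results(verify_strict))
    print("strict, full 160-bit tag:", verify_strict(KEY, GENUINE, tag, 160))
    print("strict, 96-bit truncation:", verify_strict(KEY, GENUINE, tag[:12], 96))
```

With a one-bit length the lenient verifier accepts one of the two possible values without any knowledge of the key, which is why the floor has to be enforced by the recipient rather than read from the document.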

vulnerability announce 8662

Java: memory corruption

Synthesis of the vulnerability

A malicious Java applet can corrupt the memory in order to execute code.
Impacted products: Java OpenJDK, Java Oracle.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 22/04/2009.
Identifiers: TZO-12-200, VIGILANCE-VUL-8662.

Description of the vulnerability

A malicious Java applet can corrupt the memory in order to execute code.

vulnerability note CVE-2006-2426 CVE-2009-1093 CVE-2009-1094

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Impacted products: Debian, Fedora, HP-UX, Mandriva Linux, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 16.
Creation date: 26/03/2009.
Identifiers: 254569, 254570, 254571, 254608, 254609, 254610, 254611, 6522586, 6630639, 6632886, 6636360, 6646860, 6706490, 6717680, 6724331, 6737315, 6782871, 6792554, 6798948, 6804996, 6804997, 6804998, 6804999, BID-34240, c01745133, c01805643, CERTA-2010-AVI-043, CERTA-2010-AVI-217, CVE-2006-2426, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, DSA-1769-1, FEDORA-2009-3058, HPSBMA02445, HPSBUX02429, MDVSA-2009:137, MDVSA-2009:162, RHSA-2009:0377-01, RHSA-2009:0392-01, RHSA-2009:0394-01, RHSA-2009:1038-01, RHSA-2009:1198-02, RHSA-2009:1662-01, SSRT090058, SUSE-SA:2009:016, SUSE-SA:2009:029, SUSE-SA:2009:036, SUSE-SR:2009:011, VIGILANCE-VUL-8564, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2, VMSA-2009-0016, VMSA-2009-0016.1, VMSA-2009-0016.2, VMSA-2009-0016.3, VMSA-2009-0016.4, VMSA-2009-0016.5, VMSA-2010-0002, VMSA-2010-0002.1, VMSA-2010-0002.2, VMSA-2010-0002.3.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

A client can initialize a connection in a special way in order to create a denial of service on the LDAP server. [severity:2/4; 254569, 6717680, CERTA-2010-AVI-043, CVE-2009-1093]

A malicious LDAP server can create a denial of service on the client. [severity:3/4; 254569, 6737315, CVE-2009-1094]

Several overflows in the unpack200 JAR extraction utility lead to code execution. [severity:4/4; 254570, 6792554, CVE-2009-1095, CVE-2009-1096]

A malicious PNG image creates an integer overflow leading to code execution. [severity:4/4; 254571, 6804996, CVE-2009-1097]

Java Web Start displays an image when it starts ("splash screen"). A malicious GIF image creates a decoding error leading to code execution. [severity:4/4; 254571, 6804997]

A malicious GIF image creates an error during the calculation of an offset, which corrupts the memory and leads to code execution. [severity:4/4; 254571, 6804998, CVE-2009-1098]

A malicious font forces the usage of a negative integer, and then a write before the allocated buffer, which leads to code execution. [severity:4/4; 254571, 6804999]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6522586]

The usage of a malicious font file consumes a large amount of disk space. [severity:2/4; 254608, 6632886]

A remote attacker can create a denial of service via HTTP on JAX-WS Service Endpoint. [severity:2/4; 254609, 6630639, CVE-2009-1101]

An error in the code generation can be used by a malicious applet to execute code on the computer. [severity:4/4; 254610, 6636360, CVE-2009-1102]

An error in the Java Plug-in deserialization can be used by an applet to execute code. [severity:4/4; 254611, 6646860, CVE-2009-1103]

JavaScript code can use the Plug-in to connect to ports of the system via LiveConnect. [severity:3/4; 254611, 6724331, CVE-2009-1104]

An applet can request to be executed on a vulnerable JRE version. [severity:2/4; 254611, 6706490, CERTA-2010-AVI-217, CVE-2009-1105]

An applet can connect to sites providing crossdomain.xml. [severity:2/4; 254611, 6798948, CVE-2009-1106]

A signed applet can obscure the content of a dialog box and invite the victim to click. [severity:1/4; 254611, 6782871, CVE-2009-1107]

computer vulnerability alert CVE-2008-5351

Java JDK/JRE/SDK: un-normalized UTF-8

Synthesis of the vulnerability

The UTF-8 decoder of Java JDK/JRE/SDK accepts long formats, which can be used to bypass security restrictions.
Impacted products: Fedora, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES.
Severity: 3/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 21/01/2009.
Identifiers: 245246, 4486841, CVE-2008-5351, FEDORA-2008-10860, FEDORA-2008-10913, RHSA-2008:1018-01, RHSA-2008:1025-01, RHSA-2009:0015-01, RHSA-2009:0016-01, RHSA-2009:0445-01, SUSE-SA:2009:001, SUSE-SR:2009:010, VIGILANCE-VUL-8406.

Description of the vulnerability

The UTF-8 encoding is used to represent Unicode characters on several bytes:
 - 1 to 7 bits: 0xxxxxxx
 - 8 to 11 bits: 110xxxxx 10xxxxxx
 - 12 to 16 bits: 1110xxxx 10xxxxxx 10xxxxxx
 - 17 to 21 bits: 11110xxx 10xxxxxx 10xxxxxx 10xxxxxx

UTF-8 limits the encoding to 4 bytes and forbids usage of more bytes than necessary.

The UTF-8 decoder of Java JDK/JRE/SDK does not check if UTF-8 encodings are normalized. For example, the "." character must only be represented as 0x2E (b00101110) and not as 0xC0-0xAE (b11000000 10101110).

An attacker can therefore use a long UTF-8 format, in order to bypass security restrictions.
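The normalization check described above, as an added example that is not code from the bulletin or from the JDK: a small decoder whose `strict` mode enforces the shortest-form rule, beside a lenient mode that reproduces the behaviour the bulletin describes. The names `decode`, `MalformedUTF8` and the sample byte strings are constructed for illustration.

```python
# Smallest code point that legitimately needs a sequence of each length.
MIN_FOR_LENGTH = {1: 0x00, 2: 0x80, 3: 0x800, 4: 0x10000}


class MalformedUTF8(ValueError):
    """Raised when the input is not well-formed UTF-8."""


def lead_info(lead: int):
    """Return (sequence length, payload bits of the lead byte)."""
    if lead < 0x80:
        return 1, lead
    if (lead & 0xE0) == 0xC0:
        return 2, lead & 0x1F
    if (lead & 0xF0) == 0xE0:
        return 3, lead & 0x0F
    if (lead & 0xF8) == 0xF0:
        return 4, lead & 0x07
    raise MalformedUTF8(f"invalid lead byte 0x{lead:02X}")


def decode(data: bytes, strict: bool = True) -> str:
    """Decode UTF-8; with strict=True, reject long forms and surrogates."""
    out = []
    i = 0
    while i < len(data):
        length, cp = lead_info(data[i])
        tail = data[i + 1:i + length]
        if len(tail) != length - 1 or any((b & 0xC0) != 0x80 for b in tail):
            raise MalformedUTF8(f"bad continuation at offset {i}")
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if cp > 0x10FFFF:
            raise MalformedUTF8(f"code point out of range at offset {i}")
        if strict:
            # Shortest-form rule: the value must need this many bytes.
            if cp < MIN_FOR_LENGTH[length]:
                raise MalformedUTF8(f"overlong sequence at offset {i}")
            if 0xD800 <= cp <= 0xDFFF:
                raise MalformedUTF8(f"surrogate at offset {i}")
        out.append(chr(cp))
        i += length
    return "".join(out)


# Constructed inputs: "." in its only valid form and in two long forms.
SHORT_DOT = b"a\x2eb"
LONG_DOT_2 = b"a\xc0\xaeb"
LONG_DOT_3 = b"a\xe0\x80\xaeb"


def strict_rejects(data: bytes) -> bool:
    """True when the strict decoder refuses the input."""
    try:
        decode(data, strict=True)
    except MalformedUTF8:
        return True
    return False


if __name__ == "__main__":
    for sample in (SHORT_DOT, LONG_DOT_2, LONG_DOT_3):
        print(sample.hex(), "raw 0x2E present:", b"." in sample,
              "lenient:", repr(decode(sample, strict=False)),
              "strict rejects:", strict_rejects(sample))
```

A filter that inspects the raw bytes for 0x2E sees nothing in the long forms, yet the lenient decoder hands "a.b" to the code that runs afterwards; decoding strictly before any check closes that gap.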

vulnerability CVE-2008-2086 CVE-2008-5339 CVE-2008-5340

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Impacted products: Fedora, OpenView, OpenView NNM, HP-UX, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, RHEL, SLES, ESX, ESXi, VMware Server, vCenter Server, VirtualCenter.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on server.
Provenance: document.
Number of vulnerabilities in this bulletin: 23.
Creation date: 02/12/2008.
Revision date: 04/12/2008.
Identifiers: 244986, 244987, 244988, 244989, 244990, 244991, 244992, 245246, 246266, 246286, 246346, 246366, 246386, 246387, 4486841, 6484091, 6497740, 6588160, 6592792, 6674093, 6694892, 6704154, 6707535, 6716217, 6721753, 6726779, 6727071, 6727079, 6727081, 6728071, 6733336, 6733959, 6734167, 6751322, 6755943, 6766136, 6767668, BID-32608, BID-32620, c01683026, c01745133, c02000725, CERTA-2008-AVI-578, CERTA-2009-AVI-069, CERTA-2009-AVI-239, CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, FEDORA-2008-10860, FEDORA-2008-10913, HPSBMA02486, HPSBUX02411, HPSBUX02429, RHSA-2008:1018-01, RHSA-2008:1025-01, RHSA-2009:0015-01, RHSA-2009:0016-01, RHSA-2009:0369-01, RHSA-2009:0445-01, RHSA-2009:1505-01, SSRT080111, SSRT090049, SSRT090058, SUSE-SA:2009:001, SUSE-SA:2009:007, SUSE-SA:2009:018, SUSE-SR:2009:006, SUSE-SR:2009:010, SUSE-SR:2009:016, SUSE-SR:2009:017, VIGILANCE-VUL-8280, VMSA-2009-0014, VMSA-2009-0014.1, VMSA-2009-0014.2, ZDI-08-080, ZDI-08-081.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

The JRE creates temporary files with predictable names. [severity:1/4; 244986, 6721753, CVE-2008-5360]

A buffer overflow in the Raster image handling leads to code execution. [severity:4/4; 244987, 6726779, CVE-2008-5359, ZDI-08-080]

An integer overflow in the True Font handling leads to code execution. [severity:4/4; 244987, 6733336, CVE-2008-5356]

A buffer overflow in the True Font handling leads to code execution. [severity:4/4; 244987, 6751322, CVE-2008-5357]

A buffer overflow in the GIF image handling leads to code execution. [severity:4/4; 244987, 6766136, CVE-2008-5358]

Java code can modify the java.home, java.ext.dirs and user.home properties with a JNLP file, which can be used to load malicious extensions, and to execute code. [severity:3/4; 244988, 6694892, CERTA-2009-AVI-069, CVE-2008-2086]

A vulnerability of Java Web Start and Java Plug-in can be used to hijack HTTP sessions. [severity:2/4; 244988, 6707535, CVE-2008-5343]

A vulnerability of Java Web Start and Java Plug-in can be used to read files or to establish network connections. [severity:2/4; 244988, 6716217, CVE-2008-5344, ZDI-08-081]

A vulnerability of Java Web Start and Java Plug-in can be used to obtain information on the cache and the username. [severity:2/4; 244988, 6727071, CVE-2008-5341, ZDI-08-081]

A vulnerability of Java Web Start and Java Plug-in can be used to establish network connections to hosts other than the host from which the application is downloaded. [severity:2/4; 244988, 6727079, CVE-2008-5339, ZDI-08-081]

A vulnerability of Java Web Start and Java Plug-in leads to code execution. [severity:4/4; 244988, 6727081, CVE-2008-5340]

A vulnerability of Java Web Start and Java Plug-in can be used to access local files. [severity:2/4; 244988, 6767668, CVE-2008-5342]

The "Java Update" mechanism does not check the signature of the JRE which is downloaded. [severity:3/4; 244989, 6728071, CVE-2008-5355]

A Java application launched from the command line can elevate its privileges. [severity:2/4; 244990, 6733959, CVE-2008-5354]

The deserialization of a Calendar Object leads to code execution. [severity:4/4; 244991, 6734167, CERTA-2009-AVI-239, CVE-2008-5353]

A buffer overflow of the JAR "Unpack200" decoding procedure leads to code execution on the victim's computer. [severity:4/4; 244992, 6755943, CVE-2008-5352]

The UTF-8 decoder accepts long formats, which can be used to bypass security restrictions (VIGILANCE-VUL-8406). [severity:1/4; 245246, 4486841, CVE-2008-5351]

Java code can list the content of the victim's home directory. [severity:2/4; 246266, 6484091, CERTA-2008-AVI-578, CVE-2008-5350]

The usage of some RSA keys creates a denial of service. [severity:1/4; 246286, 6497740, CVE-2008-5349]

Java code can use the Kerberos authentication in order to create a denial of service on the computer. [severity:1/4; 246346, 6588160, CVE-2008-5348]

Java code can use vulnerabilities of JAX-WS and JAXB to read/write files or to execute a command. [severity:4/4; 246366, 6592792, CVE-2008-5347]

Java code can unzip a malicious ZIP file, in order to read memory fragments. [severity:2/4; 246386, 6674093, CVE-2008-5346]

Java code loaded locally can connect to network ports of the local computer ("localhost"). [severity:1/4; 246387, 6704154, CVE-2008-5345]

vulnerability bulletin CVE-2008-4910

JRE, JDK, SDK: file access via BasicService

Synthesis of the vulnerability

A Java application can use BasicService of Java Web Start in order to open a document.
Impacted products: Java OpenJDK, Java Oracle.
Severity: 2/4.
Consequences: user access/rights, data reading.
Provenance: document.
Creation date: 03/11/2008.
Identifiers: BID-31916, CVE-2008-4910, VIGILANCE-VUL-8213.

Description of the vulnerability

Java Web Start applications or applets are executed in a protected environment, and cannot access system resources.

The BasicService class provides the showDocument() method which displays a URL. However, this method does not check whether the URL leads outside the sandbox. An applet can thus use BasicService to exit the sandbox and to open a file with the rights of the user.

A malicious applet can therefore access files located on the victim's computer.

vulnerability bulletin CVE-2008-3103 CVE-2008-3104 CVE-2008-3105

Java JDK/JRE/SDK: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.
Impacted products: Fedora, NSMXpress, NLD, OES, Java OpenJDK, openSUSE, Java Oracle, WebLogic, RHEL, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 09/07/2008.
Identifiers: 238628, 238666, 238687, 238905, 238965, 238966, 238967, 238968, 6332953, 6450319, 6529568, 6529579, 6542088, 6557220, 6581221, 6607339, 6661918, 6687392, 6703909, 6704074, 6704077, BID-30140, BID-30141, BID-30142, BID-30143, BID-30144, BID-30146, BID-30147, BID-30148, CERTA-2008-AVI-366, CERTA-2008-AVI-483, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, FEDORA-2008-6271, FEDORA-2008-6439, PSN-2012-08-686, PSN-2012-08-687, PSN-2012-08-688, PSN-2012-08-689, PSN-2012-08-690, RHSA-2008:0594-01, RHSA-2008:0595-01, RHSA-2008:0790-02, RHSA-2008:0891-01, RHSA-2008:0906-01, RHSA-2008:0955-01, RHSA-2008:1043-01, RHSA-2008:1044-01, RHSA-2008:1045-01, RHSA-2009:0466-02, SUSE-SA:2008:042, SUSE-SA:2008:043, SUSE-SA:2008:045, SUSE-SR:2008:022, SUSE-SR:2008:028, SUSE-SR:2009:010, VIGILANCE-VUL-7943.

Description of the vulnerability

Several vulnerabilities were announced in Java JDK/JRE/SDK.

An attacker can use XML data to access some resources. [severity:1/4; 238628, 6542088, 6607339, BID-30143, CVE-2008-3105, CVE-2008-3106]

A malicious applet/application can use a character font to execute code on the system. [severity:4/4; 238666, 6450319, BID-30147, CVE-2008-3108]

A malicious applet/application can use the script language to execute code on the system. [severity:4/4; 238687, 6529568, 6529579, BID-30144, CVE-2008-3109, CVE-2008-3110]

Several vulnerabilities (in GetVMArgsOption or CacheEntry::writeManifest) of Java Web Start can be used by an attacker to execute code, to access files or to obtain information. [severity:3/4; 238905, 6557220, 6703909, 6704074, 6704077, BID-30148, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114]

A JMX (Java Management Extensions) client can perform unauthorized operations when local monitoring (sun.management.JMXConnectorServer.address) is enabled. [severity:2/4; 238965, 6332953, BID-30146, CERTA-2008-AVI-366, CERTA-2008-AVI-483, CVE-2008-3103]

Since version JRE 5.0 Update 6, an applet always runs on the latest JRE version. However, if an old version is installed, this potentially vulnerable version is used. [severity:1/4; 238966, 6581221, BID-30142, CVE-2008-3115]

A malicious applet/application can execute code on the system. [severity:4/4; 238967, 6661918, BID-30141, CVE-2008-3107]

A malicious Java applet can open a TCP/UDP socket connection to a chosen IP address. [severity:2/4; 238968, 6687392, BID-30140, CVE-2008-3104]