Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
network
sun
critical
nessus
Published: 2006-12-26
Updated: 2019-10-09
Summary
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
Application | Sun | 80 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200701-15.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200701-15 (Sun JDK/JRE: Multiple vulnerabilities) Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM; access data maintained in other Java applets; or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24251 |
published | 2007-01-26 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24251 |
title | GLSA-200701-15 : Sun JDK/JRE: Multiple vulnerabilities |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200705-20.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200705-20 (Blackdown Java: Applet privilege escalation) Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM, access data maintained in other Java applets, or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : Disable the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25341 |
published | 2007-05-29 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/25341 |
title | GLSA-200705-20 : Blackdown Java: Applet privilege escalation |
NASL family | Windows |
NASL id | SUN_JAVA_JRE_102729.NASL |
description | According to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23931 |
published | 2006-12-20 |
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/23931 |
title | Sun Java JRE Multiple Vulnerabilities (102729 / 102732) |
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_JAVA_REL6.NASL |
description | The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user |
last seen | 2019-10-28 |
modified | 2007-12-17 |
plugin id | 29702 |
published | 2007-12-17 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29702 |
title | Mac OS X : Java for Mac OS X 10.4 Release 6 |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-0062.NASL |
description | Updated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63837 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63837 |
title | RHEL 3 / 4 : java-1.4.2-ibm (RHSA-2007:0062) |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-0072.NASL |
description | IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24320 |
published | 2007-02-09 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/24320 |
title | RHEL 2.1 : IBMJava2 (RHSA-2007:0072) |
NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2007_003.NASL |
description | The remote host is missing the patch for the advisory SUSE-SA:2007:003 (Sun Java). The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. - The Java 1.5 version (also known as Java 5) to 1.5.0_10 for SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. While Sun does not publish the vulnerabilities fixed for this specific update, it published the bugs fixed previously, text snippets verbatim from the Mitre CVE DB: CVE-2006-6731: Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. CVE-2006-6736: Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to |
last seen | 2019-10-28 |
modified | 2007-02-18 |
plugin id | 24457 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24457 |
title | SUSE-SA:2007:003: Sun Java |
NASL family | Misc. |
NASL id | SUN_JAVA_JRE_102729_UNIX.NASL |
description | According to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 64818 |
published | 2013-02-22 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64818 |
title | Sun Java JRE Multiple Vulnerabilities (102729 / 102732) (Unix) |
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200702-08.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200702-08 (AMD64 x86 emulation Sun |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24369 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/24369 |
title | GLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities |
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2007-0073.NASL |
description | java-1.5.0-ibm packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63839 |
published | 2013-01-24 |
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63839 |
title | RHEL 4 : java-1.5.0-ibm (RHSA-2007:0073) |
Oval
accepted | 2010-09-06T04:01:11.346-04:00 |
class | vulnerability |
contributors | name: Aharon Chernin; organization: SCAP.com, LLC |
description | Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. |
family | unix |
id | oval:org.mitre.oval:def:10134 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information. |
version | 6 |
Redhat
advisories | |
rpms | - java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-javacomm-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el4
- java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el3
- java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el4
- IBMJava2-JRE-1:1.3.1-12
- IBMJava2-SDK-1:1.3.1-11
- java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-demo-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-devel-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-javacomm-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-jdbc-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-plugin-1:1.5.0.3-1jpp.3.el4
- java-1.5.0-ibm-src-1:1.5.0.3-1jpp.3.el4
|