Vulnerabilities > CVE-2006-6736 - Information Disclosure vulnerability in SUN Jdk, JRE and SDK

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
sun
nessus
NVD
Published: 2006-12-26
Updated: 2019-08-01

Summary

Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."

Vulnerable Configurations

Part Description Count
Application
Sun
78

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200701-15.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200701-15 (Sun JDK/JRE: Multiple vulnerabilities) Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM; access data maintained in other Java applets; or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id24251
    published2007-01-26
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24251
    titleGLSA-200701-15 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_4_2-IBM-3851.NASL
    descriptionThe IBM Java JRE/SDK has been brought to release 1.4.2 SR containing several bugfixes, including following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
    last seen2020-06-01
    modified2020-06-02
    plugin id29469
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29469
    titleSuSE 10 Security Update : IBM Java (ZYPP Patch Number 3851)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200705-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200705-20 (Blackdown Java: Applet privilege escalation) Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM, access data maintained in other Java applets, or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : Disable the
    last seen2020-06-01
    modified2020-06-02
    plugin id25341
    published2007-05-29
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/25341
    titleGLSA-200705-20 : Blackdown Java: Applet privilege escalation
  • NASL familyWindows
    NASL idSUN_JAVA_JRE_102729.NASL
    descriptionAccording to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets.
    last seen2020-06-01
    modified2020-06-02
    plugin id23931
    published2006-12-20
    reporterThis script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/23931
    titleSun Java JRE Multiple Vulnerabilities (102729 / 102732)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_JAVA_REL6.NASL
    descriptionThe remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user
    last seen2019-10-28
    modified2007-12-17
    plugin id29702
    published2007-12-17
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29702
    titleMac OS X : Java for Mac OS X 10.4 Release 6
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0062.NASL
    descriptionUpdated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id63837
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63837
    titleRHEL 3 / 4 : java-1.4.2-ibm (RHSA-2007:0062)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0072.NASL
    descriptionIBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id24320
    published2007-02-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24320
    titleRHEL 2.1 : IBMJava2 (RHSA-2007:0072)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2007_003.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2007:003 (Sun Java). The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. - The Java 1.5 version (also known as Java 5) to 1.5.0_10 for SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. While Sun does not publish the vulnerabilities fixed for this specific update, it published the bugs fixed previously, text snippets verbatim from the Mitre CVE DB: CVE-2006-6731:Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. CVE-2006-6736: Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to attackers to use untrusted applets to
    last seen2019-10-28
    modified2007-02-18
    plugin id24457
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24457
    titleSUSE-SA:2007:003: Sun Java
  • NASL familyMisc.
    NASL idSUN_JAVA_JRE_102729_UNIX.NASL
    descriptionAccording to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets.
    last seen2020-06-01
    modified2020-06-02
    plugin id64818
    published2013-02-22
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64818
    titleSun Java JRE Multiple Vulnerabilities (102729 / 102732) (Unix)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200702-08.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200702-08 (AMD64 x86 emulation Sun
    last seen2020-06-01
    modified2020-06-02
    plugin id24369
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24369
    titleGLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0073.NASL
    descriptionjava-1.5.0-ibm packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
    last seen2020-06-01
    modified2020-06-02
    plugin id63839
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63839
    titleRHEL 4 : java-1.5.0-ibm (RHSA-2007:0073)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_JAVA-1_5_0-IBM-3891.NASL
    descriptionThe IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
    last seen2020-06-01
    modified2020-06-02
    plugin id29474
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29474
    titleSuSE 10 Security Update : Java (ZYPP Patch Number 3891)

Oval

accepted2010-09-06T04:14:48.889-04:00
classvulnerability
contributors
nameAharon Chernin
organizationSCAP.com, LLC
descriptionUnspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
familyunix
idoval:org.mitre.oval:def:9729
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUnspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
version6

Redhat

advisories
  • rhsa
    idRHSA-2007:0062
  • rhsa
    idRHSA-2007:0072
  • rhsa
    idRHSA-2007:0073
rpms
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-demo-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-devel-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-javacomm-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-jdbc-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-plugin-0:1.4.2.7-1jpp.4.el4
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el3
  • java-1.4.2-ibm-src-0:1.4.2.7-1jpp.4.el4
  • IBMJava2-JRE-1:1.3.1-12
  • IBMJava2-SDK-1:1.3.1-11
  • java-1.5.0-ibm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-demo-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-devel-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.3-1jpp.3.el4
  • java-1.5.0-ibm-src-1:1.5.0.3-1jpp.3.el4

References