CVE-2006-6745 - Remote Privilege Escalation vulnerability in Sun Java Runtime Environment
Attack vector | NETWORK
Attack complexity | MEDIUM
Privileges required | NONE
Confidentiality impact | COMPLETE
Integrity impact | COMPLETE
Availability impact | COMPLETE
Summary
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
Nessus
NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200701-15.NASL
description | The remote host is affected by the vulnerability described in GLSA-200701-15 (Sun JDK/JRE: Multiple vulnerabilities) Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM; access data maintained in other Java applets; or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : There is no known workaround at this time.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24251
published | 2007-01-26
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24251
title | GLSA-200701-15 : Sun JDK/JRE: Multiple vulnerabilities

NASL family | SuSE Local Security Checks
NASL id | SUSE_JAVA-1_4_2-IBM-3851.NASL
description | The IBM Java JRE/SDK has been brought to release 1.4.2 SR containing several bugfixes, including following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 29469
published | 2007-12-13
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/29469
title | SuSE 10 Security Update : IBM Java (ZYPP Patch Number 3851)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200705-20.NASL
description | The remote host is affected by the vulnerability described in GLSA-200705-20 (Blackdown Java: Applet privilege escalation) Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK and the Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in the Sun JDK and the Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM, access data maintained in other Java applets, or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : Disable the
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 25341
published | 2007-05-29
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/25341
title | GLSA-200705-20 : Blackdown Java: Applet privilege escalation

NASL family | Windows
NASL id | SUN_JAVA_JRE_102729.NASL
description | According to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 23931
published | 2006-12-20
reporter | This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/23931
title | Sun Java JRE Multiple Vulnerabilities (102729 / 102732)

NASL family | MacOS X Local Security Checks
NASL id | MACOSX_JAVA_REL6.NASL
description | The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user
last seen | 2019-10-28
modified | 2007-12-17
plugin id | 29702
published | 2007-12-17
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/29702
title | Mac OS X : Java for Mac OS X 10.4 Release 6

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-0062.NASL
description | Updated java-1.4.2-ibm packages to correct several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 63837
published | 2013-01-24
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/63837
title | RHEL 3 / 4 : java-1.4.2-ibm (RHSA-2007:0062)

NASL family | SuSE Local Security Checks
NASL id | SUSE_SA_2007_003.NASL
description | The remote host is missing the patch for the advisory SUSE-SA:2007:003 (Sun Java). The SUN Java packages have been upgraded to fix security problems. SUN Java was upgraded on all affected distributions: - The Java 1.3 version to 1.3.1_19 for SUSE Linux Enterprise Server 8. - The Java 1.4 version (also known as Java 2) to 1.4.2_13 for SUSE Linux Enterprise Desktop 1, SUSE Linux Enterprise Server 9, SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. - The Java 1.5 version (also known as Java 5) to 1.5.0_10 for SUSE Linux 9.3, 10.0, 10.1 and openSUSE 10.2. While Sun does not publish the vulnerabilities fixed for this specific update, it published the bugs fixed previously, text snippets verbatim from the Mitre CVE DB: CVE-2006-6731: Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. CVE-2006-6736: Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to attackers to use untrusted applets to
last seen | 2019-10-28
modified | 2007-02-18
plugin id | 24457
published | 2007-02-18
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/24457
title | SUSE-SA:2007:003: Sun Java

NASL family | Misc.
NASL id | SUN_JAVA_JRE_102729_UNIX.NASL
description | According to its version number, the Sun JRE installed on the remote host has two buffer overflow issues that may allow an untrusted applet to elevate its privileges to, for example, read or write local files or to execute local applications subject to the privileges of the user running the applet. In addition, another set of vulnerabilities may allow an untrusted applet to access data in other applets.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 64818
published | 2013-02-22
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/64818
title | Sun Java JRE Multiple Vulnerabilities (102729 / 102732) (Unix)

NASL family | Gentoo Local Security Checks
NASL id | GENTOO_GLSA-200702-08.NASL
description | The remote host is affected by the vulnerability described in GLSA-200702-08 (AMD64 x86 emulation Sun
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 24369
published | 2007-02-18
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/24369
title | GLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2007-0073.NASL
description | java-1.5.0-ibm packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 63839
published | 2013-01-24
reporter | This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/63839
title | RHEL 4 : java-1.5.0-ibm (RHSA-2007:0073)

NASL family | SuSE Local Security Checks
NASL id | SUSE_JAVA-1_5_0-IBM-3891.NASL
description | The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 29474
published | 2007-12-13
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/29474
title | SuSE 10 Security Update : Java (ZYPP Patch Number 3891)
Oval
accepted | 2010-09-06T04:14:07.166-04:00
class | vulnerability
description | Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
family | unix
id | oval:org.mitre.oval:def:9621
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
version | 6
References
- http://dev2dev.bea.com/pub/advisory/240
- http://docs.info.apple.com/article.html?artnum=307177
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html
- http://secunia.com/advisories/23445
- http://secunia.com/advisories/23650
- http://secunia.com/advisories/23835
- http://secunia.com/advisories/24099
- http://secunia.com/advisories/24189
- http://secunia.com/advisories/24468
- http://secunia.com/advisories/25283
- http://secunia.com/advisories/25404
- http://secunia.com/advisories/26049
- http://secunia.com/advisories/26119
- http://secunia.com/advisories/28115
- http://security.gentoo.org/glsa/glsa-200701-15.xml
- http://security.gentoo.org/glsa/glsa-200702-08.xml
- http://securitytracker.com/id?1017426
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
- http://support.novell.com/techcenter/psdb/4f850d1e2b871db609de64ec70f0089c.html
- http://support.novell.com/techcenter/psdb/d2f549cc040cd81ae4a268bb5edfe918.html
- http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml
- http://www.kb.cert.org/vuls/id/102289
- http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html
- http://www.novell.com/linux/security/advisories/2007_45_java.html
- http://www.redhat.com/support/errata/RHSA-2007-0062.html
- http://www.redhat.com/support/errata/RHSA-2007-0073.html
- http://www.securityfocus.com/bid/21673
- http://www.us-cert.gov/cas/techalerts/TA07-022A.html
- http://www.vupen.com/english/advisories/2006/5074
- http://www.vupen.com/english/advisories/2007/0936
- http://www.vupen.com/english/advisories/2007/1814
- http://www.vupen.com/english/advisories/2007/4224
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9621