Vulnerabilities > CVE-2007-4381 - Remote Privilege Escalation vulnerability in SUN Jdk, JRE and SDK
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. Additional information regarding this CVE can be found at SecurityFocus: http://www.securityfocus.com/bid/25340
Vulnerable Configurations
Exploit-Db
description | Sun Java Runtime Environment 1.4.2 Font Parsing Remote Privilege Escalation Vulnerability. CVE-2007-4381. Remote exploit for java platform |
id | EDB-ID:30502 |
last seen | 2016-02-03 |
modified | 2007-08-15 |
published | 2007-08-15 |
reporter | John Heasman |
source | https://www.exploit-db.com/download/30502/ |
title | Sun Java Runtime Environment 1.4.2 - Font Parsing Remote Privilege Escalation Vulnerability |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0100.NASL description Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the last seen 2020-06-01 modified 2020-06-02 plugin id 40712 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40712 title RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2008:0100. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(40712); script_version ("1.24"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3698", "CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273"); script_bugtraq_id(24004, 24846, 25340, 25918); script_xref(name:"RHSA", value:"2008:0100"); script_name(english:"RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. The same flaw could, potentially, crash a server application which processed untrusted font information from a third party. (CVE-2007-4381) A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop files to a desktop application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display over-sized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Please note: the vulnerabilities noted above concerned with applets can only be triggered in java-1.4.2-bea by calling the 'appletviewer' application. All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_16 release which resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2788" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-2789" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-3698" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-4381" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5232" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5239" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5240" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-5273" ); # http://dev2dev.bea.com/pub/advisory/249 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?659e0990" ); # http://dev2dev.bea.com/pub/advisory/248 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e16bf0b7" ); # http://dev2dev.bea.com/pub/advisory/272 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7dd1a2b1" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2008:0100" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189, 264, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-jdbc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-missioncontrol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x / 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2008:0100"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el3")) flag++; if (rpm_check(release:"RHEL3", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el3")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el4")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.16-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-demo-1.4.2.16-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.16-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.16-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-missioncontrol-1.4.2.16-1jpp.1.el5")) flag++; if (rpm_check(release:"RHEL5", cpu:"i686", reference:"java-1.4.2-bea-src-1.4.2.16-1jpp.1.el5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.4.2-bea / java-1.4.2-bea-demo / java-1.4.2-bea-devel / etc"); } }
NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_REL6.NASL description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user last seen 2019-10-28 modified 2007-12-17 plugin id 29702 published 2007-12-17 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29702 title Mac OS X : Java for Mac OS X 10.4 Release 6 code #TRUSTED 4b9c0ad1a24c4115f7b7fff011d8e3264a484e45f31eb2f1e6c2ad4f1f2501d5974dc3e96b6a810cf6e83813c36e309d909fe1075f7760b90957d20fd6746a7953259e5100844ae499acb1d55cf802b13af93ac438a584db1414ff772b69258724293706f0797468e7ede5205d4821b57f9723c1552c569dd5ebefbedf77411f79f0557f75ec26475fd07728ff158025cdab53dab5b7cb5a4dc9b7372b55f78f8cabe36b918d4f86f4a7502580f78ebda9ec376091efdd701e911015ead821b7f8059e8b7d571665ec49738ddf13543b53cfc12cafcb9f9aa3a8750feadc829eea8bc4c70f0c7f2e1ae84669f207ef3f27dc2b109333dc4739a58e80f350bc335e78814793eb5f637e4371c5196bfc530510f94317ef7ffb8da4933841f97eff0d58df4bb1cf34cfa756eff4e024027b2a358bb21a82e5b2729e91d832f05c4bab539872dd89b67dc7bbb7646dcb3b17c1038a5c0297ed5dedf7f5bca73320abfddb36e3b0c498fba6ab90b2193811c4822b638aa06a4bb7d39a443ea29dde32c73fbc86461c9632d7baa8d5902b5101c7d1ed07f79acc36a5307223d43f1d40c7b2b9d76d8c3446970f53c56054cb37d7f08ee0db7ede4070c261792315d9cd5758fb3889a766076cfa13e27b0d7be9801e8ce854abf230989931b264c562c2ed590fb7dcae1d98e9677ce7c3ca7903b400dd393f9c6f255ba5f540d7ec8469 # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(29702); script_version("1.18"); script_set_attribute(attribute:"plugin_modification_date", value:"2018/07/14"); script_cve_id( "CVE-2006-4339", "CVE-2006-6731", "CVE-2006-6736", "CVE-2006-6745", "CVE-2007-0243", "CVE-2007-2435", "CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3503", "CVE-2007-3504", "CVE-2007-3655", "CVE-2007-3698", "CVE-2007-3922", "CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5862" ); script_bugtraq_id( 21673, 21674, 21675, 22085, 24690, 24695, 24832, 24846, 25054, 25340, 25918, 26877 ); script_xref(name:"EDB-ID", value:"30284"); script_name(english:"Mac OS X : Java for Mac OS X 10.4 Release 6"); script_summary(english:"Check for Java Release 6"); script_set_attribute(attribute:"synopsis", value:"The remote host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's KeyChain. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet."); script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=307177"); script_set_attribute(attribute:"solution", value:"Upgrade to Java for Mac OS X 10.4 release 6."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(310); script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05"); script_set_attribute(attribute:"patch_publication_date", value:"2007/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_family(english:"MacOS X Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages"); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("macosx_func.inc"); if(sshlib::get_support_level() >= sshlib::SSH_LIB_SUPPORTS_COMMANDS) enable_ssh_wrappers(); else disable_ssh_wrappers(); function exec(cmd) { local_var ret, buf; if ( islocalhost() ) buf = pread(cmd:"/bin/bash", argv:make_list("bash", "-c", cmd)); else { ret = ssh_open_connection(); if ( ! ret ) exit(0); buf = ssh_cmd(cmd:cmd); ssh_close_connection(); } if ( buf !~ "^[0-9]" ) exit(0); buf = chomp(buf); return buf; } packages = get_kb_item("Host/MacOSX/packages"); if ( ! packages ) exit(0); uname = get_kb_item("Host/uname"); # Mac OS X 10.4.10, 10.4.11 only if ( egrep(pattern:"Darwin.* 8\.(10|11)\.", string:uname) ) { cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"CFBundleVersion"); buf = exec(cmd:cmd); if ( ! strlen(buf) ) exit(0); array = split(buf, sep:'.', keep:FALSE); if ( int(array[0]) < 11 || (int(array[0]) == 11 && int(array[1]) <= 7 ) ) { cmd = _GetBundleVersionCmd(file:"JavaPluginCocoa.bundle", path:"/Library/Internet Plug-Ins", label:"SourceVersion"); buf = exec(cmd:cmd); if ( strlen(buf) && int(buf) < 1120000 ) security_hole(0); } }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1086.NASL description Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the last seen 2020-06-01 modified 2020-06-02 plugin id 63846 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63846 title RHEL 4 : java-1.4.2-bea (RHSA-2007:1086) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1086. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(63846); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:13"); script_cve_id("CVE-2007-2788", "CVE-2007-2789", "CVE-2007-3698", "CVE-2007-4381"); script_xref(name:"RHSA", value:"2007:1086"); script_name(english:"RHEL 4 : java-1.4.2-bea (RHSA-2007:1086)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the 'appletviewer' application. (CVE-2007-3005) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381) All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_15 release that resolves these issues." ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2007-2788.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2007-2789.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2007-3698.html" ); script_set_attribute( attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2007-4381.html" ); script_set_attribute( attribute:"see_also", value:"http://dev2dev.bea.com/pub/advisory/249" ); script_set_attribute( attribute:"see_also", value:"http://dev2dev.bea.com/pub/advisory/248" ); script_set_attribute( attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2007-1086.html" ); script_set_attribute( attribute:"solution", value: "Update the affected java-1.4.2-bea, java-1.4.2-bea-devel and / or java-1.4.2-bea-jdbc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.4.2-bea-jdbc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.6"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); flag = 0; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.15-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-1.4.2.15-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-devel-1.4.2.15-1jpp.2.el4")) flag++; if (rpm_check(release:"RHEL4", sp:"6", cpu:"i686", reference:"java-1.4.2-bea-jdbc-1.4.2.15-1jpp.2.el4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-5183.NASL description IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-0657) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381) last seen 2020-06-01 modified 2020-06-02 plugin id 32050 published 2008-04-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32050 title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(32050); script_version ("1.21"); script_cvs_date("Date: 2019/10/25 13:36:32"); script_cve_id("CVE-2007-4381", "CVE-2007-5232", "CVE-2007-5236", "CVE-2007-5238", "CVE-2007-5239", "CVE-2007-5240", "CVE-2007-5273", "CVE-2007-5274", "CVE-2008-0657", "CVE-2008-1187", "CVE-2008-1188", "CVE-2008-1189", "CVE-2008-1190", "CVE-2008-1192", "CVE-2008-1193", "CVE-2008-1194", "CVE-2008-1195", "CVE-2008-1196"); script_name(english:"SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5183)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "IBM Java 5 was updated to SR7 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - Two buffer overflow vulnerabilities may allow an untrusted applet or application to cause the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code may allow an untrusted applet or application to create a denial-of-service condition, by causing the Java Runtime Environment to crash. (CVE-2008-1194) - A buffer overflow vulnerability in the Java Runtime Environment image parsing code allow an untrusted applet or application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1193) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - Two buffer overflow vulnerabilities in Java Web Start may independently allow an untrusted Java Web Start application to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1188) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. For example, the application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. (CVE-2008-0657) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-4381.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5232.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5236.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5238.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5239.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5240.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5273.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2007-5274.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-0657.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1187.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1188.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1189.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1190.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1192.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1193.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1194.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1195.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-1196.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5183."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack'); script_cwe_id(119, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2008/04/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-demo-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, reference:"java-1_5_0-ibm-src-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLED10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-devel-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, reference:"java-1_5_0-ibm-fonts-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-alsa-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-jdbc-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"i586", reference:"java-1_5_0-ibm-plugin-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-alsa-32bit-1.5.0_sr7-0.2")) flag++; if (rpm_check(release:"SLES10", sp:1, cpu:"x86_64", reference:"java-1_5_0-ibm-devel-32bit-1.5.0_sr7-0.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");
NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_4_2-IBM-5182.NASL description IBM Java 1.4.2 was updated to SR10 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381) - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698) last seen 2020-06-01 modified 2020-06-02 plugin id 32049 published 2008-04-25 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/32049 title SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 5182) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0956.NASL description Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the BEA Java Runtime Environment GIF image handling. If an application processes untrusted GIF image input, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-0243) A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the last seen 2020-06-01 modified 2020-06-02 plugin id 40708 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40708 title RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0132.NASL description Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras, and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 40714 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40714 title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2008:0132) NASL family Misc. NASL id SUN_JAVA_JRE_103024_UNIX.NASL description According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in its font parsing code that may allow an untrusted applet to gain elevated privileges and, for example read or write local files or execute local applications. last seen 2020-06-01 modified 2020-06-02 plugin id 64823 published 2013-02-22 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64823 title Sun Java JRE Font Parsing Privilege Escalation (103024) (Unix) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200709-15.NASL description The remote host is affected by the vulnerability described in GLSA-200709-15 (BEA JRockit: Multiple vulnerabilities) An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Impact : A remote attacker could trigger the integer overflow to execute arbitrary code or crash the JVM through a specially crafted file. Also, an attacker could perform unauthorized actions via an applet that grants certain privileges to itself because of the font parsing vulnerability. The error when processing XSLT stylesheets can be exploited to execute arbitrary code. Other vulnerabilities could lead to establishing restricted network connections to certain services, Cross Site Scripting and Denial of Service attacks. Workaround : There is no known workaround at this time for all these vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 26117 published 2007-09-25 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26117 title GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0829.NASL description Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM last seen 2020-06-01 modified 2020-06-02 plugin id 40706 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40706 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829) NASL family SuSE Local Security Checks NASL id SUSE9_12142.NASL description IBM Java 1.4.2 was updated to SR10 to fix various security issues : - A buffer overflow vulnerability in Java Web Start may allow an untrusted Java Web Start application that is downloaded from a website to elevate its privileges. For example, an untrusted Java Web Start application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1196) - A vulnerability in the Java Runtime Environment may allow JavaScript(TM) code that is downloaded by a browser to make connections to network services on the system that the browser runs on, through Java APIs, This may allow files (that are accessible through these network services) or vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2008-1195) - A vulnerability in the Java Plug-in may an untrusted applet to bypass same origin policy and leverage this flaw to execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1192) - A vulnerability in Java Web Start may allow an untrusted Java Web Start application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-1190) - A buffer overflow vulnerability in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-1189) - A vulnerability in the Java Runtime Environment with parsing XML data may allow an untrusted applet or application to elevate its privileges. For example, an applet may read certain URL resources (such as some files and web pages). (CVE-2008-1187) - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. (CVE-2007-5240) - A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-4381) - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698) last seen 2020-06-01 modified 2020-06-02 plugin id 41210 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41210 title SuSE9 Security Update : IBM Java 2 JRE and SDK (YOU Patch Number 12142) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-IBM-4687.NASL description The IBM Java JRE/SDK has been brought to release 1.5.0 SR6, containing several bugfixes, including the following security fixes : - A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5232) - A vulnerability in the Java Runtime Environment (JRE) may allow malicious JavaScript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the JavaScript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5274) - A second vulnerability in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited. (CVE-2007-5273) - An untrusted Java Web Start application may write arbitrary files with the privileges of the user running the application. (CVE-2007-5236) - Three separate vulnerabilities may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache. (CVE-2007-5238) - An untrusted Java Web Start application or Java applet may move or copy arbitrary files by requesting the user of the application or applet to drag and drop a file from the Java Web Start application or Java applet window. (CVE-2007-5239) - An untrusted applet may display an over-sized window so that the applet warning banner is not visible to the user running the untrusted applet. CVE-2007-4381: A vulnerability in the font parsing code in the Java Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-5240) - The Java Secure Socket Extension (JSSE) that is included in various releases of the Java Runtime Environment does not correctly process SSL/TLS handshake requests. This vulnerability may be exploited to create a Denial of Service (DoS) condition to the system as a whole on a server that listens for SSL/TLS connections using JSSE for SSL/TLS support. (CVE-2007-3698) For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/ Additionally a concurrency bug has been fixed (Novell Bug 330713). last seen 2020-06-01 modified 2020-06-02 plugin id 29476 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29476 title SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 4687) NASL family Windows NASL id SUN_JAVA_JRE_103024.NASL description According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly contains an issue in its font parsing code that may allow an untrusted applet to gain elevated privileges and, for example read or write local files or execute local applications. last seen 2020-06-01 modified 2020-06-02 plugin id 25903 published 2007-08-17 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25903 title Sun Java JRE Font Parsing Privilege Escalation (103024)
Oval
accepted | 2010-09-06T04:02:24.470-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
description | Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | ||||
family | unix | ||||
id | oval:org.mitre.oval:def:10290 | ||||
status | accepted | ||||
submitted | 2010-07-09T03:56:16-04:00 | ||||
title | Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself. | ||||
version | 7 |
Redhat
advisories |
| ||||||||||||||||
rpms |
|
References
- http://dev2dev.bea.com/pub/advisory/248
- http://docs.info.apple.com/article.html?artnum=307177
- http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html
- http://secunia.com/advisories/26402
- http://secunia.com/advisories/26631
- http://secunia.com/advisories/26933
- http://secunia.com/advisories/27203
- http://secunia.com/advisories/27716
- http://secunia.com/advisories/28056
- http://secunia.com/advisories/28115
- http://secunia.com/advisories/28777
- http://secunia.com/advisories/28880
- http://secunia.com/advisories/29340
- http://secunia.com/advisories/29897
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1
- http://support.novell.com/techcenter/psdb/0c36b6416afc3868b8b1b9012955e323.html
- http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml
- http://www.redhat.com/support/errata/RHSA-2007-0956.html
- http://www.redhat.com/support/errata/RHSA-2007-1086.html
- http://www.redhat.com/support/errata/RHSA-2008-0100.html
- http://www.redhat.com/support/errata/RHSA-2008-0132.html
- http://www.securityfocus.com/bid/25340
- http://www.securitytracker.com/id?1018576
- http://www.vupen.com/english/advisories/2007/2910
- http://www.vupen.com/english/advisories/2007/3009
- http://www.vupen.com/english/advisories/2007/4224
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36061
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10290