CVE-2008-5354 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SUN Jdk, JRE and SDK
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary
Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHSS_40374.NASL
description: s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 : The remote HP-UX host is affected by multiple vulnerabilities :
  - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)
  - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43142
published: 2009-12-14
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/43142
title: HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and patch checks in this plugin were
    # extracted from HP patch PHSS_40374. The text itself is
    # copyright (C) Hewlett-Packard Development Company, L.P.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(43142);
      script_version("1.38");
      script_cvs_date("Date: 2018/07/12 19:01:15");

      script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341",
                    "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345",
                    "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5350", "CVE-2008-5351",
                    "CVE-2008-5353", "CVE-2008-5354", "CVE-2008-5356", "CVE-2008-5357",
                    "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360", "CVE-2009-0898",
                    "CVE-2009-3845", "CVE-2009-3846", "CVE-2009-3847", "CVE-2009-3848",
                    "CVE-2009-3849", "CVE-2009-4176", "CVE-2009-4177", "CVE-2009-4178",
                    "CVE-2009-4179", "CVE-2009-4180", "CVE-2009-4181");
      script_xref(name:"HP", value:"emr_na-c01950877");
      script_xref(name:"HP", value:"emr_na-c02000725");
      script_xref(name:"HP", value:"SSRT090049");
      script_xref(name:"HP", value:"SSRT090257");

      script_name(english:"HP-UX PHSS_40374 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25");
      script_summary(english:"Checks for the patch in the swlist output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote HP-UX host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 25 :

    The remote HP-UX host is affected by multiple vulnerabilities :

      - Potential security vulnerabilities have been identified
        with HP OpenView Network Node Manager (OV NNM). These
        vulnerabilities could be exploited remotely to execute
        arbitrary code. References: CVE-2009-0898 (SSRT090101)
        CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846
        (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128,
        ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522)
        CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176
        (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132,
        ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539)
        CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180
        (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164,
        ZDI-CAN-549). (HPSBMA02483 SSRT090257)

      - Potential security vulnerabilities have been identified
        with the Java Runtime Environment (JRE) and Java
        Developer Kit (JDK) delivered with HP OpenView Network
        Node Manager (OV NNM). These vulnerabilities may allow
        remote unauthorized access, privilege escalation,
        execution of arbitrary code, and creation of a Denial of
        Service (DoS) . (HPSBMA02486 SSRT090049)"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?422f4693"
      );
      # http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?72ecd727"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Install patch PHSS_40374 or subsequent."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'White_Phosphorus');
      script_cwe_id(94, 119, 189, 200, 264);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:hp:hp-ux");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/26");
      script_set_attribute(attribute:"patch_modification_date", value:"2010/02/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/14");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
      script_family(english:"HP-UX Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/HP-UX/version", "Host/HP-UX/swlist");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("hpux.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/HP-UX/version")) audit(AUDIT_OS_NOT, "HP-UX");
    if (!get_kb_item("Host/HP-UX/swlist")) audit(AUDIT_PACKAGE_LIST_MISSING);

    if (!hpux_check_ctx(ctx:"11.11 11.23 11.31", proc:"parisc"))
    {
      exit(0, "The host is not affected since PHSS_40374 applies to a different OS release / architecture.");
    }

    patches = make_list("PHSS_40374", "PHSS_40707", "PHSS_41242", "PHSS_41606",
                        "PHSS_41857", "PHSS_42232", "PHSS_43046", "PHSS_43353");
    foreach patch (patches)
    {
      if (hpux_installed(app:patch))
      {
        exit(0, "The host is not affected because patch "+patch+" is installed.");
      }
    }

    flag = 0;
    if (hpux_check_patch(app:"OVNNMETCore.OVNNMET-CORE", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMETCore.OVNNMET-IPV6", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMETCore.OVNNMET-JPN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMETCore.OVNNMET-PD", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMETCore.OVNNMET-PESA", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVMIB-CONTRIB", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVNNM-RUN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVNNMGR-JPN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVNNMGR-KOR", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVNNMGR-SCH", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVRPT-RUN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVWWW-JPN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVWWW-KOR", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgr.OVWWW-SCH", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgrMan.OVNNM-RUN-MAN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVNNMgrRtDOC.OVNNM-ENG-DOC", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVDB-RUN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVEVENT-MIN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVMIN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVPMD-MIN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVSNMP-MIN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVWIN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVWWW-EVNT", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVWWW-FW", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatform.OVWWW-SRV", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatformMan.OVEVENTMIN-MAN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatformMan.OVMIN-MAN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatformMan.OVSNMP-MIN-MAN", version:"B.07.50.00")) flag++;
    if (hpux_check_patch(app:"OVPlatformMan.OVWIN-MAN", version:"B.07.50.00")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:hpux_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: SuSE Local Security Checks
NASL id: SUSE_JAVA-1_4_2-SUN-5852.NASL
description: The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359 / CVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 / CVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 / CVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 / CVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 / CVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 / CVE-2008-5346)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41526
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41526
title: SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #

    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    if (description)
    {
      script_id(41526);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:32");

      script_cve_id("CVE-2008-2086", "CVE-2008-5339", "CVE-2008-5340", "CVE-2008-5341",
                    "CVE-2008-5342", "CVE-2008-5343", "CVE-2008-5344", "CVE-2008-5345",
                    "CVE-2008-5346", "CVE-2008-5347", "CVE-2008-5348", "CVE-2008-5349",
                    "CVE-2008-5350", "CVE-2008-5351", "CVE-2008-5352", "CVE-2008-5353",
                    "CVE-2008-5354", "CVE-2008-5355", "CVE-2008-5356", "CVE-2008-5357",
                    "CVE-2008-5358", "CVE-2008-5359", "CVE-2008-5360");

      script_name(english:"SuSE 10 Security Update : Sun Java 1.4.2 (ZYPP Patch Number 5852)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version update to SUN Java 1.4.2sr19 fixes numerous security
    issues such as privilege escalations. (CVE-2008-5360 / CVE-2008-5359
    / CVE-2008-5358 / CVE-2008-5357 / CVE-2008-5356 / CVE-2008-5344 /
    CVE-2008-5343 / CVE-2008-5342 / CVE-2008-5341 / CVE-2008-5340 /
    CVE-2008-5339 / CVE-2008-2086 / CVE-2008-5355 / CVE-2008-5354 /
    CVE-2008-5353 / CVE-2008-5352 / CVE-2008-5351 / CVE-2008-5350 /
    CVE-2008-5349 / CVE-2008-5348 / CVE-2008-5347 / CVE-2008-5345 /
    CVE-2008-5346)"
      );
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-2086.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5339.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5340.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5341.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5342.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5343.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5344.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5345.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5346.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5347.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5348.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5349.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5350.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5351.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5352.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5353.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5354.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5355.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5356.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5357.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5358.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5359.html");
      script_set_attribute(attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2008-5360.html");
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 5852.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java Calendar Deserialization Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 119, 189, 200, 264, 287);

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");

    flag = 0;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-alsa-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-demo-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-devel-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-jdbc-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-plugin-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLED10", sp:2, reference:"java-1_4_2-sun-src-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-alsa-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-devel-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-jdbc-1.4.2.19-0.3")) flag++;
    if (rpm_check(release:"SLES10", sp:2, reference:"java-1_4_2-sun-plugin-1.4.2.19-0.3")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");

NASL family: HP-UX Local Security Checks
NASL id: HPUX_PHSS_40375.NASL
description: s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25 : The remote HP-UX host is affected by multiple vulnerabilities :
  - Potential security vulnerabilities have been identified with the Java Runtime Environment (JRE) and Java Developer Kit (JDK) delivered with HP OpenView Network Node Manager (OV NNM). These vulnerabilities may allow remote unauthorized access, privilege escalation, execution of arbitrary code, and creation of a Denial of Service (DoS) . (HPSBMA02486 SSRT090049)
  - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code. References: CVE-2009-0898 (SSRT090101) CVE-2009-3845 (SSRT090037, ZDI-CAN-453) CVE-2009-3846 (SSRT090122, ZDI-CAN-526) CVE-2009-3847 (SSRT090128, ZDI-CAN-532) CVE-2009-3848 (SSRT090129, ZDI-CAN-522) CVE-2009-3849 (SSRT090130, ZDI-CAN-523) CVE-2009-4176 (SSRT090131, ZDI-CAN-532) CVE-2009-4177 (SSRT090132, ZDI-CAN-538) CVE-2009-4178 (SSRT090133, ZDI-CAN-539) CVE-2009-4179 (SSRT090134, ZDI-CAN-540) CVE-2009-4180 (SSRT090135, ZDI-CAN-542) CVE-2009-4181 (SSRT090164, ZDI-CAN-549). (HPSBMA02483 SSRT090257)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43143
published: 2009-12-14
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/43143
title: HP-UX PHSS_40375 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 25

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12336.NASL
description: This update brings IBM Java 5 to Service Release 9. It fixes the following security problems :
  - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)
  - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)
  - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343)
  - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344)
  - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359)
  - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. (CVE-2008-5341)
  - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339)
  - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340)
  - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348)
  - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086)
  - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). (CVE-2008-5345)
  - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41268
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41268
title: SuSE9 Security Update : IBM Java5 JRE and SDK (YOU Patch Number 12336)

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12321.NASL
description: The version update to SUN Java 1.4.2sr19 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41263
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41263
title: SuSE9 Security Update : Sun Java (YOU Patch Number 12321)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2008-1025.NASL
description: Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086) Additionally, these packages fix several other vulnerabilities. These are summarized in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40732
published: 2009-08-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40732
title: RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:1025)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_JAVA-1_5_0-SUN-081217.NASL
description: The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 39997
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/39997
title: openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375)

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2009-0014.NASL
description: a. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42179
published: 2009-10-19
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42179
title: VMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-0445.NASL
description: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM(r) 1.4.2 SR13 Java(tm) release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40743
published: 2009-08-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40743
title: RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:0445)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2008-10860.NASL
description: OpenJDK security patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35046
published: 2008-12-08
reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35046
title: Fedora 9 : java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9 (2008-10860)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-0016.NASL
description: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These are summarized in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40738
published: 2009-08-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40738
title: RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0016)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-0015.NASL
description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These are summarized in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40737
published: 2009-08-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40737
title: RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)

NASL family: SuSE Local Security Checks
NASL id: SUSE_JAVA-1_4_2-IBM-6136.NASL
description: This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41525
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/41525
title: SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6136)

NASL family: Misc.
NASL id: VMWARE_VMSA-2009-0014_REMOTE.NASL
description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components :
  - ISC DHCP dhclient
  - Integrated Services Digital Network (ISDN) subsystem
  - Java Runtime Environment (JRE)
  - Java SE Development Kit (JDK)
  - Java SE Web Start
  - Linux kernel
  - Linux kernel 32-bit and 64-bit emulation
  - Linux kernel Simple Internet Transition INET6
  - Linux kernel tty
  - Linux kernel virtual file system (VFS)
  - Red Hat dhcpd init script for DHCP
  - SBNI WAN driver
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89116
published: 2016-03-03
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/89116
title: VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_JAVA_10_5_UPDATE4.NASL
description: The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing Update 4. The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges.
last seen: 2020-03-18
modified: 2009-06-17
plugin id: 39435
published: 2009-06-17
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/39435
title: Mac OS X : Java for Mac OS X 10.5 Update 4

NASL family: Windows
NASL id: SUN_JAVA_JRE_244986.NASL
description: The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :
  - The JRE creates temporary files with insufficiently random names. (244986)
  - There are multiple buffer overflow vulnerabilities involving the JRE
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35030
published: 2008-12-04
reporter: This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35030
title: Sun Java JRE Multiple Vulnerabilities (244986 et al)

NASL family: Misc.
NASL id: SUN_JAVA_JRE_244986_UNIX.NASL
description: The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :
  - The JRE creates temporary files with insufficiently random names. (244986)
  - There are multiple buffer overflow vulnerabilities involving the JRE
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 64828
published: 2013-02-22
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64828
title: Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)

NASL family: SuSE Local Security Checks
NASL id: SUSE_JAVA-1_5_0-IBM-5960.NASL
description: This update brings IBM Java 5 to Service Release 9. It fixes the following security problems :
  - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350)
  - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346)
  - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.
(CVE-2008-5343) - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344) - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359) - A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application. (CVE-2008-5341) - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339) - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340) - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348) - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086) - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. 
This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). (CVE-2008-5345) - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the last seen 2020-06-01 modified 2020-06-02 plugin id 41527 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41527 title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5960) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200911-02.NASL description The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. 
NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 42834 published 2009-11-18 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42834 title GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-713-1.NASL description It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. (CVE-2008-5347, CVE-2008-5350) It was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. (CVE-2008-5348, CVE-2008-5349) It was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possible leading to other exploits. (CVE-2008-5351) Overflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. (CVE-2008-5352, CVE-2008-5354) It was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. (CVE-2008-5353) It was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. 
(CVE-2008-5358, CVE-2008-5359) It was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information. (CVE-2008-5360). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37381 published 2009-04-23 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37381 title Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1) NASL family SuSE Local Security Checks NASL id SUSE_11_0_JAVA-1_6_0-SUN-081217.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40002 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40002 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) NASL family Fedora Local Security Checks NASL id FEDORA_2008-10913.NASL description OpenJDK security patches applied. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 37147 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37147 title Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913) NASL family SuSE Local Security Checks NASL id SUSE9_12387.NASL description This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. It fixes lots of bugs and various security issues : - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350) - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346) - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343) - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344) - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. 
(CVE-2008-5359) - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339) - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. (CVE-2008-5340) - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348) - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086) - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). (CVE-2008-5345) - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the last seen 2020-06-01 modified 2020-06-02 plugin id 41289 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/41289 title SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12387) NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_REL9.NASL description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X older than release 9. The remote version of this software contains several security vulnerabilities. A remote attacker could exploit these issues to bypass security restrictions, disclose sensitive information, cause a denial of service, or escalate privileges. last seen 2020-03-18 modified 2009-07-09 plugin id 39766 published 2009-07-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39766 title Mac OS X : Java for Mac OS X 10.4 Release 9 NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-SUN-081217.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40241 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40241 title openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-376) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_6_0-SUN-5876.NASL description The version update to SUN Java 1.6.0_11-b03 fixes numerous security issues such as privilege escalations. 
(CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 35306 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/35306 title openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5876) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-1018.NASL description Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. A vulnerability was found in in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. (CVE-2008-2086) Additionally, these packages fix several other critical vulnerabilities. These are summarized in the last seen 2020-06-01 modified 2020-06-02 plugin id 40731 published 2009-08-24 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40731 title RHEL 4 / 5 : java-1.6.0-sun (RHSA-2008:1018) NASL family SuSE Local Security Checks NASL id SUSE_11_JAVA-1_4_2-IBM-090405.NASL description This update brings the IBM Java 1.4.2 JDK and JRE to Service Release 13. 
It fixes lots of bugs and various security issues : - A security vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to list the contents of the home directory of the user running the applet or application. (CVE-2008-5350) - A security vulnerability in the Java Runtime Environment (JRE) with parsing zip files may allow an untrusted applet or application to read arbitrary memory locations in the process that the applet or application is running in. (CVE-2008-5346) - A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser. (CVE-2008-5343) - A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from. (CVE-2008-5344) - A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2008-5359) - A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from. (CVE-2008-5339) - A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application. 
(CVE-2008-5340) - A security vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may lead to a Denial of Service (DoS) to the system as a whole, due to excessive consumption of operating system resources. (CVE-2008-5348) - A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties. (CVE-2008-2086) - The Java Runtime Environment (JRE) allows code loaded from the local filesystem to access localhost. This may allow code that is maliciously placed on the local filesystem and then subsequently run, to have network access to localhost that would not otherwise be allowed if the code were loaded from a remote host. This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost). (CVE-2008-5345) - The UTF-8 (Unicode Transformation Format-8) decoder in the Java Runtime Environment (JRE) accepts encodings that are longer than the last seen 2020-06-01 modified 2020-06-02 plugin id 41404 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41404 title SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 735) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_5_0-SUN-081217.NASL description The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 40235 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/40235 title openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-375) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-0466.NASL description Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit, shipped as part of Red Hat Network Satellite Server. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several vulnerabilities were discovered in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM last seen 2020-06-01 modified 2020-06-02 plugin id 43843 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43843 title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:0466) NASL family SuSE Local Security Checks NASL id SUSE_JAVA-1_5_0-SUN-5875.NASL description The version update to SUN Java 1.5.0u17 fixes numerous security issues such as privilege escalations. (CVE-2008-5360, CVE-2008-5359, CVE-2008-5358, CVE-2008-5357, CVE-2008-5356, CVE-2008-5344, CVE-2008-5343, CVE-2008-5342, CVE-2008-5341, CVE-2008-5340, CVE-2008-5339, CVE-2008-2086, CVE-2008-5355, CVE-2008-5354, CVE-2008-5353, CVE-2008-5352, CVE-2008-5351, CVE-2008-5350, CVE-2008-5349, CVE-2008-5348, CVE-2008-5347, CVE-2008-5345, CVE-2008-5346) last seen 2020-06-01 modified 2020-06-02 plugin id 35305 published 2009-01-07 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/35305 title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5875) NASL family SuSE Local Security Checks NASL id SUSE_11_1_JAVA-1_6_0-OPENJDK-090303.NASL description OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues. It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA public keys CVE-2008-5349 6588160 jaas krb5 client leaks OS-level UDP sockets (all platforms) CVE-2008-5348 6592792 Add com.sun.xml.internal to the last seen 2020-06-01 modified 2020-06-02 plugin id 40238 published 2009-07-21 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40238 title openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)
Oval
accepted | 2010-01-11T04:01:53.960-05:00 |
class | vulnerability |
description | Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. |
family | unix |
id | oval:org.mitre.oval:def:6537 |
status | accepted |
submitted | 2009-09-23T15:39:02.000-04:00 |
title | Sun Java Runtime Environment JAR Main-Class manifest entry buffer overflow |
version | 4 |
Saint
bid | 32608 |
description | Java Runtime Environment JAR manifest Main Class buffer overflow |
id | web_client_jre,web_dev_jdk |
osvdb | 50499 |
title | jre_manifest_main_class |
type | client |
Seebug
bulletinFamily | exploit |
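description | BUGTRAQ ID: 32620, 32608
CVE(CAN) ID: CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360, CVE-2008-2086
The Java Runtime Environment (JRE) on Solaris systems provides a reliable runtime environment for Java applications. Multiple security vulnerabilities in Sun Java may allow malicious users to bypass certain security restrictions, disclose system information, cause a denial of service, or fully compromise a vulnerable system.
1) The JRE creates temporary files with insufficiently random names, which may allow arbitrary JAR files to be written on an affected system and limited operations to be performed.
2) The Java AWT library contains an error in handling image models; a specially crafted Raster image model used in a ConvolveOp operation may cause a heap overflow.
3) An error in Java Web Start when processing certain GIF header values may allow memory corruption via a specially crafted splash logo.
4) An integer overflow when processing TrueType fonts may cause a heap overflow.
5) An error in the JRE may allow network connections to be created to arbitrary hosts.
6) An error when launching Java Web Start applications may allow an untrusted application to read, write, or execute local files with the privileges of the current user.
7) An untrusted Java Web Start application can obtain the current user name and the location of the Java Web Start cache.
8) An error in Java Web Start may allow system properties such as java.home, java.ext.dirs, and user.home to be modified via a specially crafted JNLP file.
9) An error in Java Web Start and Java Plug-in may allow HTTP sessions to be hijacked.
10) An error in the JRE applet class loading functionality may allow arbitrary files to be read and network connections to be created to arbitrary hosts.
11) An error in the Java Web Start BasicService may allow arbitrary local files to be opened in the user's browser.
12) The Java Update mechanism does not check the digital signature of downloaded update packages, which may allow arbitrary code execution via man-in-the-middle or DNS spoofing attacks.
13) A boundary error when processing the Main-Class manifest entry of a JAR file may allow a stack overflow via a specially crafted JAR file.
14) An error when deserializing calendar objects may allow an untrusted Java applet to read, write, or execute local files.
15) An integer overflow in the JRE may allow a heap overflow via a specially crafted Pack200-compressed JAR file.
16) The UTF-8 decoder accepts encodings that are longer than the shortest form, which may cause applications using the decoder to accept invalid sequences and disclose sensitive information via a specially crafted URI.
17) An error in the JRE may allow the contents of the user's home directory to be listed.
18) An error when processing RSA public keys may cause heavy CPU consumption.
19) An error in the JRE Kerberos authentication mechanism may exhaust operating system resources.
20) An error in the JAX-WS and JAXB JRE packages may allow an untrusted Java applet to read, write, or execute local files.
21) An error when processing ZIP files may disclose arbitrary memory locations of the host process.
22) Malicious code loaded from the local filesystem may gain network access to the local host.
23) A boundary error when processing TrueType fonts may cause a heap overflow.
Sun JDK <= 6 Update 10
Sun JDK <= 5.0 Update 16
Sun JRE <= 6 Update 10
Sun JRE <= 5.0 Update 16
Sun SDK 1.4.2
Sun SDK 1.3.1
RedHat: RedHat has released a security advisory (RHSA-2008:1025-01) and corresponding patches for this issue.
RHSA-2008:1025-01: Critical: java-1.5.0-sun security update
Link: https://www.redhat.com/support/errata/RHSA-2008-1025.html
Sun: Sun has released a security advisory (Sun-Alert-246387) and corresponding patches for this issue.
Sun-Alert-246387: A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-246387-1
Patch downloads:
http://java.sun.com/javase/downloads/index.jsp
http://java.sun.com/javase/downloads/index_jdk5.jsp
http://java.sun.com/j2se/1.4.2/download.html
http://java.sun.com/j2se/1.3/download.html |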
id | SSV:4532 |
last seen | 2017-11-19 |
modified | 2008-12-09 |
published | 2008-12-09 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-4532 |
title | Sun Java JDK/JRE security update fixes multiple vulnerabilities |
References
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://marc.info/?l=bugtraq&m=123678756409861&w=2
- http://marc.info/?l=bugtraq&m=126583436323697&w=2
- http://rhn.redhat.com/errata/RHSA-2008-1018.html
- http://rhn.redhat.com/errata/RHSA-2008-1025.html
- http://secunia.com/advisories/32991
- http://secunia.com/advisories/33015
- http://secunia.com/advisories/33528
- http://secunia.com/advisories/33709
- http://secunia.com/advisories/33710
- http://secunia.com/advisories/34233
- http://secunia.com/advisories/34259
- http://secunia.com/advisories/34605
- http://secunia.com/advisories/34889
- http://secunia.com/advisories/34972
- http://secunia.com/advisories/35065
- http://secunia.com/advisories/37386
- http://secunia.com/advisories/38539
- http://security.gentoo.org/glsa/glsa-200911-02.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-244990-1
- http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=
- http://www.redhat.com/support/errata/RHSA-2009-0015.html
- http://www.redhat.com/support/errata/RHSA-2009-0016.html
- http://www.redhat.com/support/errata/RHSA-2009-0445.html
- http://www.securityfocus.com/bid/32608
- http://www.us-cert.gov/cas/techalerts/TA08-340A.html
- http://www.vupen.com/english/advisories/2008/3339
- http://www.vupen.com/english/advisories/2009/0672
- http://www.ximido.de/research/advisories/SM_Java-BO_200811.txt
- http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47060
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6537
- https://rhn.redhat.com/errata/RHSA-2009-0466.html