Vulnerabilities > CVE-2009-2724 - Race Condition vulnerability in SUN Java SE

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
sun
CWE-362
critical
nessus
NVD
Published: 2009-08-10
Updated: 2018-10-10

Summary

Race condition in the java.lang package in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, related to a "3Y Race condition in reflection checks."

Vulnerable Configurations

Part Description Count
Application
Sun
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS8_118667.NASL
    descriptionJavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15
    last seen2020-06-01
    modified2020-06-02
    plugin id19456
    published2005-08-18
    reporterThis script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19456
    titleSolaris 8 (sparc) : 118667-86
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen2020-06-01
    modified2020-06-02
    plugin id89736
    published2016-03-08
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89736
    titleVMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1199.NASL
    descriptionUpdated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the
    last seen2020-06-01
    modified2020-06-02
    plugin id40748
    published2009-08-24
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40748
    titleRHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1199)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_118667-61.NASL
    descriptionJavaSE 5.0: update 61 patch (equivalent to JDK 5.0u61), 64bit. Date this patch was last updated by Sun : Jan/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107298
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107298
    titleSolaris 10 (sparc) : 118667-61
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS9_118667.NASL
    descriptionJavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15
    last seen2020-06-01
    modified2020-06-02
    plugin id19460
    published2005-08-18
    reporterThis script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/19460
    titleSolaris 9 (sparc) : 118667-86
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200911-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id42834
    published2009-11-18
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42834
    titleGLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0016.NASL
    descriptiona. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
    last seen2020-06-01
    modified2020-06-02
    plugin id42870
    published2009-11-23
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42870
    titleVMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2010-0002.NASL
    descriptiona. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen2020-06-01
    modified2020-06-02
    plugin id45386
    published2010-03-31
    reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/45386
    titleVMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0016_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
    last seen2020-06-01
    modified2020-06-02
    plugin id89117
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89117
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_118667.NASL
    descriptionJavaSE 5.0: update 85 patch (equivalent to JDK 5.0u85), 64bit. Date this patch was last updated by Sun : Apr/13/15 This plugin has been deprecated and either replaced with individual 118667 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id19444
    published2005-08-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=19444
    titleSolaris 10 (sparc) : 118667-86 (deprecated)

Redhat

rpms
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-demo-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-devel-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-plugin-0:1.5.0.20-1jpp.1.el5
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el4
  • java-1.5.0-sun-src-0:1.5.0.20-1jpp.1.el5

References