CVE-2009-3867 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SUN JDK and JRE

exploit available


Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.


Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.


  • description: Sun Java JRE getSoundbank file:// URI Buffer Overflow. CVE-2009-3867. Remote exploits for multiple platform
    last seen: 2016-02-01
    title: Sun Java JRE getSoundbank file:// URI Buffer Overflow
  • description: Sun Java SE November 2009 Multiple Security Vulnerabilities (2). CVE-2009-3867. Remote exploits for multiple platform
    last seen: 2016-02-03
    title: Sun Java SE November 2009 - Multiple Security Vulnerabilities 2
  • description: Sun Java SE November 2009 Multiple Security Vulnerabilities (1). CVE-2009-3867. Remote exploit for linux platform
    last seen: 2016-02-03
    title: Sun Java SE November 2009 - Multiple Security Vulnerabilities 1


description: This module exploits a flaw in the getSoundbank function in the Sun JVM. The payload is serialized and passed to the applet via PARAM tags. It must be a native payload. The affected Java versions are JDK and JRE 6 Update 16 and earlier, JDK and JRE 5.0 Update 21 and earlier, SDK and JRE 1.4.2_23 and earlier, and SDK and JRE 1.3.1_26 and earlier. NOTE: Although all of the above versions are reportedly vulnerable, only 1.6.0_u11 and 1.6.0_u16 on Windows XP SP3 were tested.
last seen: 2020-01-14
title: Sun Java JRE getSoundbank file:// URI Buffer Overflow


  • NASL family: Misc.
    description: The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues : - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868) - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869) - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870) - Multiple buffer and integer overflow vulnerabilities exist. (270474) - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475) - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476) - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533) - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445) - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors (Bug #6636650) - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512) - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780) - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057) - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265) - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen: 2020-06-01
    plugin id: 64831
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    title: Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)
    # (C) Tenable Network Security, Inc.
    if (description)
      script_cvs_date("Date: 2018/11/15 20:50:24");
      script_name(english:"Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ...) (Unix)");
      script_summary(english:"Checks version of Sun JRE");
    "The remote Unix host contains a runtime environment that is affected by
    multiple vulnerabilities."
    "The version of Sun Java Runtime Environment (JRE) installed on the
    remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 /
    1.3.1_27.  Such versions are potentially affected by the following
    security issues :
      - The Java update mechanism on non-English versions does
        not update the JRE when a new version is available.
      - A command execution vulnerability exists in the Java
        runtime environment deployment toolkit. (269869)
      - An issue in the Java web start installer may be
        leveraged to allow an untrusted Java web start
        application to run as a trusted application. (269870)
      - Multiple buffer and integer overflow vulnerabilities
        exist. (270474)
      - A security vulnerability in the JRE with verifying HMAC
        digests may allow authentication to be bypassed.
      - Two vulnerabilities in the JRE with decoding DER encoded
        data and parsing HTTP headers may separately allow a
        remote client to cause the JRE on the server to run out
        of memory, resulting in a denial of service. (270476)
      - A directory traversal vulnerability in the
        ICC_Profile.getInstance method allows a remote attacker
        to determine the existence of local International Color
        Consortium (ICC) profile files. (Bug #6631533)
      - A denial of service attack is possible via a BMP file
        containing a link to a UNC share pathname for an
        International Color Consortium (ICC) profile file.
        (Bug #6632445)
      - Resurrected classloaders can still have children,
        which could allow a remote attacker to gain
        privileges via unspecified vectors (Bug #6636650)
      - The Abstract Window Toolkit (AWT) does not properly
        restrict the objects that may be sent to loggers, which
        allows attackers to obtain sensitive information via
        vectors related to the implementation of Component,
        KeyboardFocusManager, and DefaultKeyboardFocusManager.
        (Bug #6664512)
      - An unspecified vulnerability in TrueType font parsing
        functionality may lead to a denial of service. (Bug
      - The failure to clone arrays returned by the
        getConfigurations function could lead to multiple,
        unspecified vulnerabilities in the X11 and
        Win32GraphicsDevice subsystems. (Bug #6822057)
      - The TimeZone.getTimeZone method can be used by a remote
        attacker to determine the existence of local files via
        its handling of zoneinfo (aka tz) files. (Bug #6824265)
      - Java Web Start does not properly handle the interaction
        between a signed JAR file and a JNLP application or
        applet. (Bug #6870531)"
      script_set_attribute(attribute:"see_also", value:"");
      script_set_attribute(attribute:"see_also", value:"");
      script_set_attribute(attribute:"see_also", value:"");
      script_set_attribute(attribute:"see_also", value:"");
      script_set_attribute(attribute:"see_also", value:"");
      script_set_attribute(attribute:"see_also", value:"");
    "Update to Sun Java JDK / JRE 6 Update 17, JDK / JRE 5.0 Update 22, SDK
    / JRE 1.4.2_24, or SDK / JRE 1.3.1_27 or later and remove, if necessary,
    any affected versions."
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(22, 94, 119, 189, 200, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/22");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
    # Check each installed JRE.
    installs = get_kb_list_or_exit("Host/Java/JRE/Unmanaged/*");
    info = "";
    vuln = 0;
    vuln2 = 0;
    installed_versions = "";
    granular = "";
    foreach install (list_uniq(keys(installs)))
    {
      ver = install - "Host/Java/JRE/Unmanaged/";
      if (ver !~ "^[0-9.]+") continue;
      installed_versions = installed_versions + " & " + ver;
      # Versions below 1.6.0_17 / 1.5.0_22 / 1.4.2_24 / 1.3.1_27 are vulnerable.
      if (
        ver =~ "^1\.6\.0_(0[0-9]|1[0-6])([^0-9]|$)" ||
        ver =~ "^1\.5\.0_([01][0-9]|2[01])([^0-9]|$)" ||
        ver =~ "^1\.4\.([01]_|2_([01][0-9]|2[0-3]([^0-9]|$)))" ||
        ver =~ "^1\.3\.(0_|1_([01][0-9]|2[0-6]([^0-9]|$)))"
      )
      {
        dirs = make_list(get_kb_list(install));
        vuln += max_index(dirs);
        foreach dir (dirs)
          info += '\n  Path              : ' + dir;
        info += '\n  Installed version : ' + ver;
        info += '\n  Fixed version     : 1.6.0_17 / 1.5.0_22 / 1.4.2_24 / 1.3.1_27\n';
      }
      # A version with no update suffix cannot be judged either way.
      else if (ver =~ "^[\d\.]+$")
      {
        dirs = make_list(get_kb_list(install));
        foreach dir (dirs)
          granular += "The Oracle Java version "+ver+" at "+dir+" is not granular enough to make a determination."+'\n';
      }
      else
      {
        dirs = make_list(get_kb_list(install));
        vuln2 += max_index(dirs);
      }
    }
    # Report if any were found to be vulnerable.
    if (info)
    {
      if (report_verbosity > 0)
      {
        if (vuln > 1) s = "s of Java are";
        else s = " of Java is";
        report =
          '\n' +
          'The following vulnerable instance'+s+' installed on the\n' +
          'remote host :\n' +
          info;
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      if (granular) exit(0, granular);
    }
    else
    {
      if (granular) exit(0, granular);
      installed_versions = substr(installed_versions, 3);
      if (vuln2 > 1)
        exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
      else
        exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
    }
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20091109_JAVA__JDK_1_6_0__ON_SL4_X.NASL
    description: CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky) CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968) CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503) CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877 CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357) CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358) CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643) CVE-2009-3728 OpenJDK ICC_Profile file existence detection information leak (6631533) CVE-2009-3881 OpenJDK resurrected classloaders can still have children (6636650) CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable variables (6657026,6657138) CVE-2009-3880 OpenJDK UI logging information leakage(6664512) CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057) CVE-2009-3884 OpenJDK zoneinfo file existence information leak (6824265) CVE-2009-3729 JRE TrueType font parsing crash (6815780) CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969) CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets with signed Jar files (6870531) CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752) CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web Start Installer (6872824) CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer overflow via a long file: URL argument (6854303) CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via crafted image file due improper color profiles parsing (6862970) This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen: 2020-06-01
    plugin id: 60691
    reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
    #%NASL_MIN_LEVEL 80502
    # (C) Tenable Network Security, Inc.
    # The descriptive text is (C) Scientific Linux.
    if (description)
      script_cvs_date("Date: 2019/10/25 13:36:18");
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3729", "CVE-2009-3865", "CVE-2009-3866", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3872", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2009-3886");
      script_name(english:"Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    "The remote Scientific Linux host is missing one or more security
    "CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky)
    CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968)
    CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack
    vulnerabilities (6863503)
    CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service
    (6864911) CVE-2009-3877
    CVE-2009-3869 OpenJDK JRE AWT setDifflCM stack overflow (6872357)
    CVE-2009-3871 OpenJDK JRE AWT setBytePixels heap overflow (6872358)
    CVE-2009-3874 OpenJDK ImageI/O JPEG heap overflow (6874643)
    CVE-2009-3728 OpenJDK ICC_Profile file existence detection information
    leak (6631533)
    CVE-2009-3881 OpenJDK resurrected classloaders can still have children
    CVE-2009-3882 CVE-2009-3883 OpenJDK information leaks in mutable
    variables (6657026,6657138)
    CVE-2009-3880 OpenJDK UI logging information leakage(6664512)
    CVE-2009-3879 OpenJDK GraphicsConfiguration information leak(6822057)
    CVE-2009-3884 OpenJDK zoneinfo file existence information leak
    CVE-2009-3729 JRE TrueType font parsing crash (6815780)
    CVE-2009-3872 JRE JPEG JFIF Decoder issue (6862969)
    CVE-2009-3886 JRE REGRESSION:have problem to run JNLP app and applets
    with signed Jar files (6870531)
    CVE-2009-3865 java-1.6.0-sun: ACE in JRE Deployment Toolkit (6869752)
    CVE-2009-3866 java-1.6.0-sun: Privilege escalation in the Java Web
    Start Installer (6872824)
    CVE-2009-3867 java-1.5.0-sun, java-1.6.0-sun: Stack-based buffer
    overflow via a long file: URL argument (6854303)
    CVE-2009-3868 java-1.5.0-sun, java-1.6.0-sun: Privilege escalation via
    crafted image file due improper color profiles parsing (6862970)
    This update fixes several vulnerabilities in the Sun Java 6 Runtime
    Environment and the Sun Java 6 Software Development Kit. These
    vulnerabilities are summarized on the 'Advance notification of
    Security Updates for Java SE' page from Sun Microsystems, listed in
    the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3729,
    CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868,
    CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873,
    CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877,
    CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882,
    CVE-2009-3883, CVE-2009-3884, CVE-2009-3886)
    All running instances of Sun Java must be restarted for the update to
    take effect."
        value:"Update the affected java-1.6.0-sun-compat and / or jdk packages."
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(22, 94, 119, 189, 200, 264, 310, 399);
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    flag = 0;
    if (rpm_check(release:"SL4", reference:"java-1.6.0-sun-compat-")) flag++;
    if (rpm_check(release:"SL4", reference:"jdk-1.6.0_17-fcs")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"java-1.6.0-sun-compat-")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"jdk-1.6.0_17-fcs")) flag++;
    if (flag)
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
    else audit(AUDIT_HOST_NOT, "affected");
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1571.NASL
    description: Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. These vulnerabilities are summarized on the
    last seen: 2020-06-01
    plugin id: 42455
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
    #%NASL_MIN_LEVEL 80502
    # (C) Tenable Network Security, Inc.
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2009:1571. The text 
    # itself is copyright (C) Red Hat, Inc.
    if (description)
      script_version ("1.32");
      script_cvs_date("Date: 2019/10/25 13:36:14");
      script_cve_id("CVE-2009-2409", "CVE-2009-3728", "CVE-2009-3867", "CVE-2009-3868", "CVE-2009-3869", "CVE-2009-3871", "CVE-2009-3873", "CVE-2009-3874", "CVE-2009-3875", "CVE-2009-3876", "CVE-2009-3877", "CVE-2009-3879", "CVE-2009-3880", "CVE-2009-3881", "CVE-2009-3882", "CVE-2009-3883", "CVE-2009-3884", "CVE-2010-0079");
      script_xref(name:"RHSA", value:"2009:1571");
      script_name(english:"RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)");
      script_summary(english:"Checks the rpm output for the updated packages");
        value:"The remote Red Hat host is missing one or more security updates."
    "Updated java-1.5.0-sun packages that correct several security issues
    are now available for Red Hat Enterprise Linux 4 Extras and 5
    This update has been rated as having critical security impact by the
    Red Hat Security Response Team.
    The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment
    and the Sun Java 5 Software Development Kit.
    This update fixes several vulnerabilities in the Sun Java 5 Runtime
    Environment and the Sun Java 5 Software Development Kit. These
    vulnerabilities are summarized on the 'Advance notification of
    Security Updates for Java SE' page from Sun Microsystems, listed in
    the References section. (CVE-2009-2409, CVE-2009-3728, CVE-2009-3873,
    CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880,
    CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884)
    Note: This is the final update for the java-1.5.0-sun packages, as the
    Sun Java SE Release family 5.0 has now reached End of Service Life.
    The next update will remove the java-1.5.0-sun packages.
    An alternative to Sun Java SE 5.0 is the Java 2 Technology Edition of
    the IBM Developer Kit for Linux, which is available from the Extras
    and Supplementary channels on the Red Hat Network. For users of
    applications that are capable of using the Java 6 runtime, the OpenJDK
    open source JDK is included in Red Hat Enterprise Linux 5 (since 5.3)
    and is supported by Red Hat.
    Users of java-1.5.0-sun should upgrade to these updated packages,
    which correct these issues. All running instances of Sun Java must be
    restarted for the update to take effect."
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Sun Java JRE AWT setDiffICM Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(22, 119, 189, 200, 264, 310, 399);
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-demo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-jdbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-plugin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:java-1.5.0-sun-src");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.4");
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x / 5.x", "Red Hat " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      # Prefer yum's own advisory data when it is available.
      rhsa = "RHSA-2009:1571";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report
        );
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Otherwise compare the installed RPMs against the fixed package versions.
      flag = 0;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-demo-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-demo-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-devel-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-devel-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-jdbc-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-plugin-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"i586", reference:"java-1.5.0-sun-src-")) flag++;
      if (rpm_check(release:"RHEL4", cpu:"x86_64", reference:"java-1.5.0-sun-src-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-demo-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-demo-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-devel-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-devel-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-jdbc-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-jdbc-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-plugin-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i586", reference:"java-1.5.0-sun-src-")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"java-1.5.0-sun-src-")) flag++;
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "java-1.5.0-sun / java-1.5.0-sun-demo / java-1.5.0-sun-devel / etc");
      }
    }
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1647.NASL
    description: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
    last seen: 2020-06-01
    plugin id: 43079
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2009:1647)
  • NASL family: MacOS X Local Security Checks
    description: The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 1. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen: 2019-10-28
    plugin id: 43003
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    title: Mac OS X : Java for Mac OS X 10.6 Update 1
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_JAVA-1_5_0-SUN-091109.NASL
    description: java-1_5_0-sun u22 update fixes the following security bugs :
      - CVE-2009-3864: CVSS v2 Base Score: 7.5
      - CVE-2009-3867: CVSS v2 Base Score: 9.3
      - CVE-2009-3868: CVSS v2 Base Score: 9.3
      - CVE-2009-3869: CVSS v2 Base Score: 9.3
      - CVE-2009-3871: CVSS v2 Base Score: 9.3
      - CVE-2009-3872: CVSS v2 Base Score: 10.0
      - CVE-2009-3873: CVSS v2 Base Score: n/a
      - CVE-2009-3874: CVSS v2 Base Score: 9.3
      - CVE-2009-3875: CVSS v2 Base Score: 5.0
      - CVE-2009-3876: CVSS v2 Base Score: 5.0
      - CVE-2009-3877: CVSS v2 Base Score: 5.0
      For bug details use the CVE-ID to query the Mitre database at please.
    last seen: 2020-06-01
    plugin id: 42460
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12564.NASL
    description: IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. It also contains a timezone update for the current Fiji change (timezone 1.6.9s). The update fixes the following security issues :
      - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876, CVE-2009-3877)
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868)
      - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
      - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493)
      Please also refer to for more information about this update.
    last seen: 2020-06-01
    plugin id: 43599
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: SuSE9 Security Update : IBM Java 1.5.0 (YOU Patch Number 12564)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_JAVA-1_5_0-SUN-091109.NASL
    description: java-1_5_0-sun u22 update fixes the following security bugs :
      - CVE-2009-3864: CVSS v2 Base Score: 7.5
      - CVE-2009-3867: CVSS v2 Base Score: 9.3
      - CVE-2009-3868: CVSS v2 Base Score: 9.3
      - CVE-2009-3869: CVSS v2 Base Score: 9.3
      - CVE-2009-3871: CVSS v2 Base Score: 9.3
      - CVE-2009-3872: CVSS v2 Base Score: 10.0
      - CVE-2009-3873: CVSS v2 Base Score: n/a
      - CVE-2009-3874: CVSS v2 Base Score: 9.3
      - CVE-2009-3875: CVSS v2 Base Score: 5.0
      - CVE-2009-3876: CVSS v2 Base Score: 5.0
      - CVE-2009-3877: CVSS v2 Base Score: 5.0
      For bug details use the CVE-ID to query the Mitre database at please.
    last seen: 2020-06-01
    plugin id: 42457
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-1529)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_JAVA-1_4_2-IBM-6757.NASL
    description: IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed:
      - CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen: 2020-06-01
    plugin id: 43859
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6757)
  • NASL family: VMware ESX Local Security Checks
    description: The remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the bundled version of the Java Runtime Environment (JRE).
    last seen: 2020-06-01
    plugin id: 89736
    reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    title: VMware ESX Java Runtime Environment (JRE) Multiple Vulnerabilities (VMSA-2010-0002) (remote check)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_JAVA-1_6_0-SUN-091113.NASL
    description: The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues :
      - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824. (CVE-2009-3866)
      - Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. (CVE-2009-3867)
      - Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357. (CVE-2009-3869)
      - Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. (CVE-2009-3871)
      - Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. (CVE-2009-3874)
      - The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to
    last seen: 2020-06-01
    plugin id: 42857
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_JAVA-1_4_2-IBM-100105.NASL
    description: IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed :
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen: 2020-06-01
    plugin id: 43857
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 11 Security Update : IBM Java 1.4.2 (SAT Patch Number 1744)
  • NASL family: Windows
    description: The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 17 / 5.0 Update 22 / 1.4.2_24 / 1.3.1_27. Such versions are potentially affected by the following security issues :
      - The Java update mechanism on non-English versions does not update the JRE when a new version is available. (269868)
      - A command execution vulnerability exists in the Java runtime environment deployment toolkit. (269869)
      - An issue in the Java web start installer may be leveraged to allow an untrusted Java web start application to run as a trusted application. (269870)
      - Multiple buffer and integer overflow vulnerabilities. (270474)
      - A security vulnerability in the JRE with verifying HMAC digests may allow authentication to be bypassed. (270475)
      - Two vulnerabilities in the JRE with decoding DER encoded data and parsing HTTP headers may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial of service. (270476)
      - A directory traversal vulnerability in the ICC_Profile.getInstance method allows a remote attacker to determine the existence of local International Color Consortium (ICC) profile files. (Bug #6631533)
      - A denial of service attack is possible via a BMP file containing a link to a UNC share pathname for an International Color Consortium (ICC) profile file. (Bug #6632445)
      - Resurrected classloaders can still have children, which could allow a remote attacker to gain privileges via unspecified vectors. (Bug #6636650)
      - The Abstract Window Toolkit (AWT) does not properly restrict the objects that may be sent to loggers, which allows attackers to obtain sensitive information via vectors related to the implementation of Component, KeyboardFocusManager, and DefaultKeyboardFocusManager. (Bug #6664512)
      - An unspecified vulnerability in TrueType font parsing functionality may lead to a denial of service. (Bug #6815780)
      - The failure to clone arrays returned by the getConfigurations function could lead to multiple, unspecified vulnerabilities in the X11 and Win32GraphicsDevice subsystems. (Bug #6822057)
      - The TimeZone.getTimeZone method can be used by a remote attacker to determine the existence of local files via its handling of zoneinfo (aka tz) files. (Bug #6824265)
      - Java Web Start does not properly handle the interaction between a signed JAR file and a JNLP application or applet. (Bug #6870531)
    last seen: 2020-06-01
    plugin id: 42373
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    title: Sun Java JRE Multiple Vulnerabilities (269868 / 269869 / 270476 ..)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1560.NASL
    description: Updated java-1.6.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 6 Runtime Environment and the Sun Java 6 Software Development Kit. These vulnerabilities are summarized on the
    last seen: 2020-06-01
    plugin id: 42431
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1560)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_JAVA-1_5_0-IBM-6741.NASL
    description: IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change).
      - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877)
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868)
      - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
      - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493)
      Please also see
    last seen: 2020-06-01
    plugin id: 49863
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6741)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_JAVA-1_5_0-IBM-6740.NASL
    description: IBM Java 5 was updated to Service Refresh 11. It fixes lots of bugs and security issues. The timezone update to 1.6.9s (with the latest Fiji change).
      - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877)
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868)
      - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
      - The Java Runtime Environment includes the Java Web Start technology that uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer. A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio, which is used by the Java Web Start ActiveX control, might allow the Java Web Start ActiveX control to be leveraged to run arbitrary code. This might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-2493)
      Please also see
    last seen: 2020-06-01
    plugin id: 43822
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 6740)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1643.NASL
    description: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.4.2 SR13-FP3 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
    last seen: 2020-06-01
    plugin id: 43048
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2009:1643)
  • NASL family: MacOS X Local Security Checks
    description: The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 6. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user.
    last seen: 2019-10-28
    plugin id: 43002
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    title: Mac OS X : Java for Mac OS X 10.5 Update 6
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200911-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200911-02 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been reported in the Sun Java implementation. Please review the CVE identifiers referenced below and the associated Sun Alerts for details. Impact : A remote attacker could entice a user to open a specially crafted JAR archive, applet, or Java Web Start application, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Furthermore, a remote attacker could cause a Denial of Service affecting multiple services via several vectors, disclose information and memory contents, write or execute local files, conduct session hijacking attacks via GIFAR files, steal cookies, bypass the same-origin policy, load untrusted JAR files, establish network connections to arbitrary hosts and posts via several vectors, modify the list of supported graphics configurations, bypass HMAC-based authentication systems, escalate privileges via several vectors and cause applet code to be executed with older, possibly vulnerable versions of the JRE. NOTE: Some vulnerabilities require a trusted environment, user interaction, a DNS Man-in-the-Middle or Cross-Site-Scripting attack. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    plugin id: 42834
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_12565.NASL
    description: IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed :
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen: 2020-06-01
    plugin id: 43854
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE9 Security Update : IBM Java2 JRE and SDK (YOU Patch Number 12565)
  • NASL family: VMware ESX Local Security Checks
    NASL id: VMWARE_VMSA-2010-0002.NASL
    description: a. Java JRE Security Update JRE update to version 1.5.0_22, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project ( has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project ( has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. The Common Vulnerabilities and Exposures project ( has assigned the following names to the security issues fixed in JRE 1.5.0_22: CVE-2009-3728, CVE-2009-3729, CVE-2009-3864, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884, CVE-2009-3886, CVE-2009-3885.
    last seen: 2020-06-01
    plugin id: 45386
    reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
    title: VMSA-2010-0002 : VMware vCenter update release addresses multiple security issues in Java JRE
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_JAVA-1_4_2-IBM-6755.NASL
    description: IBM Java 1.4.2 was updated to 13 fp3. The following security issues were fixed:
      - CVE-2009-3867: A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet.
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
    last seen: 2020-06-01
    plugin id: 49861
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 6755)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_JAVA-1_6_0-IBM-100105.NASL
    description: IBM Java 6 was updated to Service Refresh 7. The following security issues were fixed:
      - A vulnerability in the Java Runtime Environment with decoding DER encoded data might allow a remote client to cause the JRE to crash, resulting in a denial of service condition. (CVE-2009-3876 / CVE-2009-3877)
      - A buffer overflow vulnerability in the Java Runtime Environment audio system might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3867)
      - A buffer overflow vulnerability in the Java Runtime Environment with parsing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3868)
      - An integer overflow vulnerability in the Java Runtime Environment with reading JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3872)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing JPEG files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files, or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3873)
      - A security vulnerability in the Java Runtime Environment with verifying HMAC digests might allow authentication to be bypassed. This action can allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures might be vulnerable to this type of attack. (CVE-2009-3875)
      - A command execution vulnerability in the Java Runtime Environment Deployment Toolkit might be used to run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3865)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3869)
      - A buffer overflow vulnerability in the Java Runtime Environment with processing image files might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3871)
      - A security vulnerability in the Java Web Start Installer might be used to allow an untrusted Java Web Start application to run as a trusted application and run arbitrary code. This issue might occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. (CVE-2009-3866)
      - An integer overflow vulnerability in the Java Runtime Environment with processing JPEG images might allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet might grant itself permissions to read and write local files or run local applications that are accessible to the user running the untrusted applet. (CVE-2009-3874)
      - A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) might allow authentication to be bypassed. Applications that validate HMAC-based XML digital signatures might be vulnerable to this type of attack. (CVE-2009-0217) Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.
    last seen: 2020-06-01
    plugin id: 43872
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    title: SuSE 11 Security Update : IBM Java 1.6.0 (SAT Patch Number 1748)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2010-0043.NASL
    description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Network Satellite Server 5.3. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.3. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment. (CVE-2009-0217, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2676, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877) Users of Red Hat Network Satellite Server 5.3 are advised to upgrade to these updated java-1.6.0-ibm packages, which resolve these issues. For this update to take effect, Red Hat Network Satellite Server must be restarted (
    last seen: 2020-06-01
    plugin id: 44029
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 4 / 5 : IBM Java Runtime in Satellite Server (RHSA-2010:0043)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1694.NASL
    description: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The IBM 1.6.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. These vulnerabilities are summarized on the IBM
    last seen: 2020-06-01
    plugin id: 43597
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    title: RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:1694)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_JAVA-1_6_0-SUN-091113.NASL
    description: The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues:
      - CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
      - CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
      - CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
      - CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
      - CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
      - CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to
    last seen: 2020-06-01
    plugin id: 42853
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_JAVA-1_6_0-SUN-091113.NASL
    description: The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues:
      - CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
      - CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
      - CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
      - CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
      - CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
      - CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to
    last seen: 2020-06-01
    plugin id: 42855
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_JAVA-1_6_0-SUN-091113.NASL
    description: The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues:
      - CVE-2009-3866: The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
      - CVE-2009-3867: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
      - CVE-2009-3869: Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
      - CVE-2009-3871: Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
      - CVE-2009-3874: Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
      - CVE-2009-3875: The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to
    last seen: 2020-06-01
    plugin id: 42851
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    title: openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)


  • accepted: 2015-04-20T04:00:11.886-04:00
    • name: Aslesha Nargolkar
    • name: Sushant Kumar Singh
    • name: Sushant Kumar Singh
    • name: Prashant Kumar
    • name: Mike Cokus
      organization: The MITRE Corporation
    description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
    title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities
  • accepted: 2014-01-20T04:01:29.114-05:00
    • name: J. Daniel Brown
    • name: Chris Coffin
      organization: The MITRE Corporation
    comment: VMware ESX Server 4.0 is installed
    description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
    title: Sun Java Stack-based Buffer Overflow via a Long File: URL Argument
  • accepted: 2015-04-20T04:02:35.549-04:00
    • name: Pai Peng
    • name: Sushant Kumar Singh
    • name: Sushant Kumar Singh
    • name: Prashant Kumar
    • name: Mike Cokus
      organization: The MITRE Corporation
    description: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
    title: HP-UX Running Java, Remote Increase in Privilege, Denial of Service and Other Vulnerabilities



  • java-1.6.0-sun-1:
  • java-1.6.0-sun-demo-1:
  • java-1.6.0-sun-devel-1:
  • java-1.6.0-sun-jdbc-1:
  • java-1.6.0-sun-plugin-1:
  • java-1.6.0-sun-src-1:
  • java-1.5.0-sun-0:
  • java-1.5.0-sun-demo-0:
  • java-1.5.0-sun-devel-0:
  • java-1.5.0-sun-jdbc-0:
  • java-1.5.0-sun-plugin-0:
  • java-1.5.0-sun-src-0:
  • java-1.4.2-ibm-0:
  • java-1.4.2-ibm-demo-0:
  • java-1.4.2-ibm-devel-0:
  • java-1.4.2-ibm-javacomm-0:
  • java-1.4.2-ibm-jdbc-0:
  • java-1.4.2-ibm-plugin-0:
  • java-1.4.2-ibm-src-0:
  • java-1.5.0-ibm-1:
  • java-1.5.0-ibm-accessibility-1:
  • java-1.5.0-ibm-demo-1:
  • java-1.5.0-ibm-devel-1:
  • java-1.5.0-ibm-javacomm-1:
  • java-1.5.0-ibm-jdbc-1:
  • java-1.5.0-ibm-plugin-1:
  • java-1.5.0-ibm-src-1:
  • java-1.6.0-ibm-1:
  • java-1.6.0-ibm-accessibility-1:
  • java-1.6.0-ibm-demo-1:
  • java-1.6.0-ibm-devel-1:
  • java-1.6.0-ibm-javacomm-1:
  • java-1.6.0-ibm-jdbc-1:
  • java-1.6.0-ibm-plugin-1:
  • java-1.6.0-ibm-src-1:


  • bid: 36881
    description: Java Runtime Environment AWT setDiffICM buffer overflow
  • bid: 36881
    description: Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow


description: No description provided by source.
last seen: 2017-11-19
title: Sun Java JRE getSoundbank file:// URI Buffer Overflow
