Lucene search

[email protected]CVE-2006-6731

HistoryDec 26, 2006 - 11:28 p.m.

CVE-2006-6731

2006-12-2623:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6731

sun

java

jdk

jre

buffer overflow

security

vulnerabilities

applets

local files

integer overflows

stack overflow

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

sunjdkMatch1.5.0-

sunjdkMatch1.5.0update1

sunjdkMatch1.5.0update2

sunjdkMatch1.5.0update3

sunjdkMatch1.5.0update4

sunjdkMatch1.5.0update5

sunjdkMatch1.5.0update6

sunjdkMatch1.5.0update7

Node

sunjreMatch1.3.1-

sunjreMatch1.3.1_2

sunjreMatch1.3.1_03

sunjreMatch1.3.1_04

sunjreMatch1.3.1_05

sunjreMatch1.3.1_06

sunjreMatch1.3.1_07

sunjreMatch1.3.1_08

sunjreMatch1.3.1_09

sunjreMatch1.3.1_10

sunjreMatch1.3.1_11

sunjreMatch1.3.1_12

sunjreMatch1.3.1_13

sunjreMatch1.3.1_14

sunjreMatch1.3.1_15

sunjreMatch1.3.1_16

sunjreMatch1.3.1_17

sunjreMatch1.3.1_18

sunjreMatch1.4.2-

sunjreMatch1.4.2_1

sunjreMatch1.4.2_2

sunjreMatch1.4.2_3

sunjreMatch1.4.2_4

sunjreMatch1.4.2_5

sunjreMatch1.4.2_6

sunjreMatch1.4.2_7

sunjreMatch1.4.2_8

sunjreMatch1.4.2_9

sunjreMatch1.4.2_10

sunjreMatch1.4.2_11

sunjreMatch1.4.2_12

sunjreMatch1.5.0-

sunjreMatch1.5.0update1

sunjreMatch1.5.0update2

sunjreMatch1.5.0update3

sunjreMatch1.5.0update4

sunjreMatch1.5.0update5

sunjreMatch1.5.0update6

sunjreMatch1.5.0update7

Node

sunsdkMatch1.3.1

sunsdkMatch1.3.1_01

sunsdkMatch1.3.1_01a

sunsdkMatch1.3.1_02

sunsdkMatch1.3.1_03

sunsdkMatch1.3.1_04

sunsdkMatch1.3.1_05

sunsdkMatch1.3.1_06

sunsdkMatch1.3.1_07

sunsdkMatch1.3.1_08

sunsdkMatch1.3.1_09

sunsdkMatch1.3.1_10

sunsdkMatch1.3.1_11

sunsdkMatch1.3.1_12

sunsdkMatch1.3.1_13

sunsdkMatch1.3.1_14

sunsdkMatch1.3.1_15

sunsdkMatch1.3.1_16

sunsdkMatch1.3.1_17

sunsdkMatch1.3.1_18

sunsdkMatch1.4.2

sunsdkMatch1.4.2_1

sunsdkMatch1.4.2_2

sunsdkMatch1.4.2_3

sunsdkMatch1.4.2_4

sunsdkMatch1.4.2_5

sunsdkMatch1.4.2_6

sunsdkMatch1.4.2_7

sunsdkMatch1.4.2_8

sunsdkMatch1.4.2_9

sunsdkMatch1.4.2_10

sunsdkMatch1.4.2_11

sunsdkMatch1.4.2_12

CPENameOperatorVersion
sun:jdksun jdkeq1.5.0

CPE	Name	Operator	Version
sun:jdk	sun jdk	eq	1.5.0

References

dev2dev.bea.com/pub/advisory/243

docs.info.apple.com/article.html?artnum=307177

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html

scary.beasts.org/security/CESA-2005-008.txt

secunia.com/advisories/23445

secunia.com/advisories/23650

secunia.com/advisories/23835

secunia.com/advisories/24099

secunia.com/advisories/24189

secunia.com/advisories/24468

secunia.com/advisories/25283

secunia.com/advisories/25404

secunia.com/advisories/28115

security.gentoo.org/glsa/glsa-200701-15.xml

security.gentoo.org/glsa/glsa-200702-08.xml

securitytracker.com/id?1017425

sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

www.gentoo.org/security/en/glsa/glsa-200705-20.xml

www.kb.cert.org/vuls/id/149457

www.kb.cert.org/vuls/id/939609

www.novell.com/linux/security/advisories/2007_10_ibmjava.html

www.redhat.com/support/errata/RHSA-2007-0062.html

www.redhat.com/support/errata/RHSA-2007-0072.html

www.redhat.com/support/errata/RHSA-2007-0073.html

www.securityfocus.com/bid/21675

www.us-cert.gov/cas/techalerts/TA07-022A.html

www.vupen.com/english/advisories/2006/5073

www.vupen.com/english/advisories/2007/0936

www.vupen.com/english/advisories/2007/1814

www.vupen.com/english/advisories/2007/4224

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10134

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.8 Medium

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2006-6731

cert2 cvelist1 nvd1 openvas10 securityvulns1 gentoo3 nessus10 suse2 redhat3