Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200701-15
HistoryJan 22, 2007 - 12:00 a.m.

Sun JDK/JRE: Multiple vulnerabilities

2007-01-2200:00:00
Gentoo Foundation
security.gentoo.org
11

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.101 Low

EPSS

Percentile

94.9%

JSON

Background

The Sun Java Development Kit (JDK) and the Sun Java Runtime Environment (JRE) provide the Sun Java platform.

Description

Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition.

Impact

An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM; access data maintained in other Java applets; or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources.

Workaround

There is no known workaround at this time.

Resolution

All Sun Java Development Kit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "dev-java/sun-jdk"

All Sun Java Runtime Environment users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "dev-java/sun-jre-bin"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-java/sun-jdk< 1.5.0.09UNKNOWN
Gentooanyalldev-java/sun-jre-bin< 1.5.0.09UNKNOWN

Related

nessus 12
openvas 13
gentoo 2
suse 3
redhat 3
securityvulns 1
cve 4
cert 3
nessus
nessus
SUSE-SA:2007:003: Sun Java
2007-02-18 00:00:00
Sun Java JRE Multiple Vulnerabilities (102729 / 102732) (Unix)
2013-02-22 00:00:00
GLSA-200705-20 : Blackdown Java: Applet privilege escalation
2007-05-29 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200701-15 (java)
2008-09-24 00:00:00
SuSE Update for Sun Java SUSE-SA:2007:003
2009-01-28 00:00:00
Gentoo Security Advisory GLSA 200705-20 (blackdown-jdk,blackdown-jre)
2008-09-24 00:00:00
gentoo
gentoo
Blackdown Java: Applet privilege escalation
2007-05-26 00:00:00
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
2007-02-17 00:00:00
suse
suse
remote code execution in Sun Java
2007-01-09 12:49:08
remote code execution in IBMJava2
2007-01-18 16:13:31
remote code execution in IBM Java, Sun Java
2007-07-18 17:38:23
redhat
redhat
(RHSA-2007:0062) Critical: java-1.4.2-ibm security update
2007-02-07 00:00:00
(RHSA-2007:0073) Critical: java-1.5.0-ibm security update
2007-02-09 00:00:00
(RHSA-2007:0072) Critical: IBMJava2 security update
2007-02-08 00:00:00
securityvulns
securityvulns
US-CERT Technical Cyber Security Alert TA07-022A
2007-01-23 00:00:00
cve
cve
CVE-2006-6745
2006-12-26 23:28:00
CVE-2006-6731
2006-12-26 23:28:00
CVE-2006-6737
2006-12-26 23:28:00
cert
cert
Sun Java JRE vulnerable to privilege escalation
2007-01-09 00:00:00
Sun Java JRE vulnerable to arbitrary code execution via an undetermined error
2007-01-09 00:00:00
Sun Java JRE vulnerable to arbitrary code execution via an unspecified error
2007-01-09 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.101 Low

EPSS

Percentile

94.9%

JSON
Related for GLSA-200701-15
nessus12openvas13gentoo2suse3redhat3securityvulns1cve4cert3