Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:FBDBD572CF3B6466D505AD6BD943EA0F
HistoryFeb 26, 2009 - 12:00 a.m.

Java Runtime Environment JAR manifest Main Class buffer overflow

2009-02-2600:00:00
SAINT Corporation
www.saintcorporation.com
25

0.46 Medium

EPSS

Percentile

97.1%

JSON

Added: 02/26/2009
CVE: CVE-2008-5354
BID: 32608
OSVDB: 50499

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in JRE allows command execution when a user opens a JAR archive containing a manifest file with a specially crafted Main Class entry.

Resolution

Apply the patch referenced in Sun document 244990.

References

<http://www.us-cert.gov/cas/techalerts/TA08-340A.html&gt;

Limitations

Exploit works on Java Runtime Environment 1.6 Update 10 and requires a user to open the exploit file.

Execution of this exploit requires the Digest::CRC PERL module. On Linux systems this is typically found in a package named such as libdigest-crc-perl or perl-Digest-CRC.

Platforms

Windows 2000
Windows XP

Related

prion 1
ubuntucve 1
checkpoint_advisories 1
cve 1
saint 3
nessus 32
securityvulns 2
openvas 41
redhat 6
ubuntu 1
fedora 2
suse 3
seebug 1
vmware 2
oracle 1
gentoo 1
prion
prion
Stack overflow
2008-12-05 11:30:00
ubuntucve
ubuntucve
CVE-2008-5354
2008-12-05 00:00:00
checkpoint_advisories
checkpoint_advisories
Sun Java Runtime Environment JAR File Processing Stack Buffer Overflow (CVE-2008-5354)
2010-07-13 00:00:00
cve
cve
CVE-2008-5354
2008-12-05 11:30:00
saint
saint
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
Java Runtime Environment JAR manifest Main Class buffer overflow
2009-02-26 00:00:00
nessus
nessus
Ubuntu 8.10 : OpenJDK vulnerabilities (USN-713-1)
2009-04-23 00:00:00
RHEL 4 / 5 : java-1.6.0-ibm (RHSA-2009:0015)
2009-08-24 00:00:00
Fedora 10 : java-1.6.0-openjdk-1.6.0.0-7.b12.fc10 (2008-10913)
2009-04-23 00:00:00
securityvulns
securityvulns
[USN-713-1] openjdk-6 vulnerabilities
2009-01-31 00:00:00
Sun Java JRE / JDK / Web Start multiple security vulnerabilities
2009-04-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-713-1)
2009-02-02 00:00:00
Ubuntu USN-713-1 (openjdk-6)
2009-02-02 00:00:00
RedHat Security Advisory RHSA-2009:0015
2009-01-20 00:00:00
redhat
redhat
(RHSA-2009:0015) Critical: java-1.6.0-ibm security update
2009-01-13 00:00:00
(RHSA-2009:0445) Critical: java-1.4.2-ibm security update
2009-04-23 00:00:00
(RHSA-2009:0466) Low: java-1.5.0-ibm security update
2009-05-07 00:00:00
ubuntu
ubuntu
openjdk-6 vulnerabilities
2009-01-27 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: java-1.6.0-openjdk-1.6.0.0-7.b12.fc10
2008-12-07 04:33:22
[SECURITY] Fedora 9 Update: java-1.6.0-openjdk-1.6.0.0-0.20.b09.fc9
2008-12-07 04:27:51
suse
suse
remote code execution in IBM Java 1.4.2 and 6
2009-04-07 14:51:07
local privilege escalation in IBMJava5-JRE,java-1_5_0-ibm
2009-01-29 14:08:00
remote code execution in Sun Java
2009-01-09 15:49:38
seebug
seebug
Sun Java JDK/JRE安全更新修复多个漏洞
2008-12-09 00:00:00
vmware
vmware
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
2009-10-16 00:00:00
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
gentoo
gentoo
Sun JDK/JRE: Multiple vulnerabilities
2009-11-17 00:00:00

0.46 Medium

EPSS

Percentile

97.1%

JSON
Related for SAINT:FBDBD572CF3B6466D505AD6BD943EA0F
prion1ubuntucve1checkpoint_advisories1cve1saint3nessus32securityvulns2openvas41redhat6ubuntu1fedora2suse3seebug1vmware2oracle1gentoo1