Sun Java System Web Proxy sockd buffer overflow

Added: 05/30/2007 CVE: CVE-2007-2881 BID: 24165 OSVDB: 35841 Background The Sun Java System Web Proxy Server formerly Sun ONE Web Proxy Server provides content filtering and caching capabilities. It is a companion product to the Sun Java System Web Server. Problem A buffer overflow vulnerability ...

Stack overflow

Multiple stack-based buffer overflows in the SOCKS proxy support sockd in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation...

CVE-2007-2881

Sun Java System Web Proxy Server (sockd) is affected by a buffer overflow in the SOCKS proxy support during protocol negotiation. The issue resides in the sockd daemon and can allow a remote attacker to execute arbitrary code with the privileges of the SOCKS server; impact is described as remote ...

CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

Code injection

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

CVE-2007-2788

CVE-2007-2788 describes an integer overflow in Sun JDK/JRE image parsers that can be triggered by crafted JPEG or BMP files, leading to remote arbitrary code execution or JVM crash via a buffer overflow. Affected are Sun JDK/JRE versions prior to 1.5.0_11-b03 (JDK) and prior to 1.6.x before 1.6.0...

CVE-2007-2789

CVE-2007-2789 concerns the BMP image parser in Sun JDK/JRE on Unix/Linux, where untrusted applets or applications that open arbitrary local files via a crafted BMP can cause the JVM to hang (DoS). Affected product ranges include JDK/JRE prior to 1.5.0_11-b03, 1.6.x prior to 1.6.0_01-b06, and olde...

Mozilla网络安全服务库远程拒绝服务漏洞

网络安全服务（NSS）是一组函数库，可跨平台提供SSL、S/MIME和其他Internet安全标准支持。 Sun Java Enterprise System和Java System目录服务器中所使用的NSS中存在内存泄露漏洞，如果远程攻击者执行了大量RSA加密操作的话，就会耗尽大量系统内存，导致拒绝服务。 Sun Java System Directory Server Enterprise Edition Sun Java System Directory Server 5.2 Mozilla NSS 3.11 临时解决方法： 使用以下命令重启LDAP服务进程：...

Update Protection against Sun Java GIF Image Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Sun Java Runtime Environment JRE. The Sun Java Runtime Environment allows users to run Java applications in a browser or as standalone programs. A remote attacker can exploit this issue to take complete control over an affected system...

Code injection

Unspecified vulnerability in the LDAP Software Development Kit SDK for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service crash via certain BER encodings...

CVE-2007-2466

Unspecified vulnerability in the LDAP Software Development Kit SDK for C, as used in Sun Java System Directory Server 5.2 up to Patch 4 and Sun ONE Directory Server 5.1, allows remote attackers to cause a denial of service crash via certain BER encodings...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

CVE-2007-2435

Affected software: Sun Java Web Start in JDK/JRE 5.0 Update 10 and earlier; and Java Web Start in SDK/JRE 1.4.2_13 and earlier. Root cause: incorrect use of system classes related to JNLP processing. Impact: remote attacker could cause the application to perform unauthorized actions by granting p...

Sun Java Web Start Unauthorized Access (102881)

According to its version number, the Sun Java Runtime Environment JRE installed on the remote host reportedly may allow an untrusted application to elevate its privileges. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.212 and earlier, and SDK and JRE 1.3.118 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

Sun Java Web Console LibWebconsole_Services.SO Remote Format String

The remote host is running SUN Java Web Console. The remote version of this service does not properly sanitize calls to the syslog function. By sending a specially crafted request it is possible to exploit this format string error. An attacker can exploit it to execute code with the privileges of...