Executive Summary

Informations
Name CVE-2008-5356 First vendor Publication 2008-12-05
Vendor Cve Last vendor Modification 2017-09-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5356

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6494
 
Oval ID: oval:org.mitre.oval:def:6494
Title: Sun Java Runtime Environment TrueType font buffer overflow
Description: Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5356
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 359
Application 395
Application 94

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-11-23 Name : Gentoo Security Advisory GLSA 200911-02 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_200911_02.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5046860.nasl
2009-10-10 Name : SLES9: Security update for IBM Java5 JRE and SDK
File : nvt/sles9p5041763.nasl
2009-10-10 Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-05 Name : HP-UX Update for Java HPSBUX02411
File : nvt/gb_hp_ux_HPSBUX02411.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0369
File : nvt/RHSA_2009_0369.nasl
2009-03-13 Name : SuSE Security Summary SUSE-SR:2009:006
File : nvt/suse_sr_2009_006.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913
File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-13 Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50516 Sun Java JDK / JRE TrueType Font Processing Heap Overflow

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12336.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12387.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0369.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/32608
CERT http://www.us-cert.gov/cas/techalerts/TA08-340A.html
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-485.htm
http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914...
http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf
GENTOO http://security.gentoo.org/glsa/glsa-200911-02.xml
HP http://marc.info/?l=bugtraq&m=123678756409861&w=2
http://marc.info/?l=bugtraq&m=126583436323697&w=2
IDEFENSE http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=757
OSVDB http://osvdb.org/50516
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://rhn.redhat.com/errata/RHSA-2008-1018.html
http://rhn.redhat.com/errata/RHSA-2008-1025.html
http://www.redhat.com/support/errata/RHSA-2009-0016.html
http://www.redhat.com/support/errata/RHSA-2009-0369.html
https://rhn.redhat.com/errata/RHSA-2009-0466.html
SECUNIA http://secunia.com/advisories/32991
http://secunia.com/advisories/33015
http://secunia.com/advisories/33187
http://secunia.com/advisories/33710
http://secunia.com/advisories/34233
http://secunia.com/advisories/34259
http://secunia.com/advisories/34447
http://secunia.com/advisories/34605
http://secunia.com/advisories/34972
http://secunia.com/advisories/35065
http://secunia.com/advisories/37386
http://secunia.com/advisories/38539
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-244987-1
SUSE http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
VUPEN http://www.vupen.com/english/advisories/2008/3339
http://www.vupen.com/english/advisories/2009/0672
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/47103

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Date Informations
2024-02-02 01:09:51
  • Multiple Updates
2024-02-01 12:02:51
  • Multiple Updates
2023-09-05 12:09:12
  • Multiple Updates
2023-09-05 01:02:43
  • Multiple Updates
2023-09-02 12:09:18
  • Multiple Updates
2023-09-02 01:02:44
  • Multiple Updates
2023-08-12 12:10:55
  • Multiple Updates
2023-08-12 01:02:43
  • Multiple Updates
2023-08-11 12:09:20
  • Multiple Updates
2023-08-11 01:02:49
  • Multiple Updates
2023-08-06 12:08:58
  • Multiple Updates
2023-08-06 01:02:45
  • Multiple Updates
2023-08-04 12:09:03
  • Multiple Updates
2023-08-04 01:02:47
  • Multiple Updates
2023-07-14 12:09:01
  • Multiple Updates
2023-07-14 01:02:45
  • Multiple Updates
2023-03-29 01:10:16
  • Multiple Updates
2023-03-28 12:02:51
  • Multiple Updates
2022-10-11 12:08:01
  • Multiple Updates
2022-10-11 01:02:34
  • Multiple Updates
2021-05-05 01:05:20
  • Multiple Updates
2021-05-04 12:08:30
  • Multiple Updates
2021-04-22 01:08:51
  • Multiple Updates
2020-05-24 01:05:07
  • Multiple Updates
2020-05-23 00:22:41
  • Multiple Updates
2019-07-31 12:02:37
  • Multiple Updates
2018-11-30 12:02:36
  • Multiple Updates
2018-10-10 12:02:32
  • Multiple Updates
2017-09-29 09:23:51
  • Multiple Updates
2017-08-08 09:24:33
  • Multiple Updates
2016-08-23 09:24:33
  • Multiple Updates
2016-06-28 17:21:58
  • Multiple Updates
2016-04-26 18:05:38
  • Multiple Updates
2016-03-04 13:26:24
  • Multiple Updates
2014-02-17 10:47:30
  • Multiple Updates
2013-11-11 12:38:08
  • Multiple Updates
2013-05-11 00:31:46
  • Multiple Updates