RHSA-2012:0322

Executive Summary

Summary
Title	java-1.6.0-openjdk security update

Informations
Name	RHSA-2012:0322	First vendor Publication	2012-02-21
Vendor	RedHat	Last vendor Modification	2012-02-21
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2012-0322.html

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14942

Oval ID:	oval:org.mitre.oval:def:14942
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2011-3563	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14772

Oval ID:	oval:org.mitre.oval:def:14772
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0497	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:15069

Oval ID:	oval:org.mitre.oval:def:15069
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0501	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14900

Oval ID:	oval:org.mitre.oval:def:14900
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0502	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14813

Oval ID:	oval:org.mitre.oval:def:14813
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0503	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:13976

Oval ID:	oval:org.mitre.oval:def:13976
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0505	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

Definition Id: oval:org.mitre.oval:def:14082

Oval ID:	oval:org.mitre.oval:def:14082
Title:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
Description:	Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0506	Version:	7
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012	Product(s):	Java Runtime Environment
Definition Synopsis:
Determine if the version of Java Runtime Environment is less than 1.5.0:update34 and is greater than or equal to 1.5.0 Determine if the version of Java Runtime Environment is less than 1.5.0:update34 AND Java SE Runtime Environment 5 is installed OR Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 and is greater than or equal to 1.6.0 Determine if the version of Java Runtime Environment is less than 1.6.0:update_31 AND Java SE Runtime Environment 6 is installed OR Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 and is greater than or equal to 1.7.0 Determine if the version of Java Runtime Environment is less than 1.7.0:update_3 AND Java SE Runtime Environment 7 is installed

CPE : Common Platform Enumeration

Type	Description	Count
Application	Oracle Glassfish Server cpe:/a:oracle:glassfish_server:3.1.1 cpe:/a:oracle:glassfish_server:3.0.1 cpe:/a:oracle:glassfish_server:2.1.1	3
Application	Oracle Jre cpe:/a:oracle:jre:1.7.0 cpe:/a:oracle:jre:1.7.0:update1 cpe:/a:oracle:jre:1.7.0:update2 cpe:/a:oracle:jre:1.6.0:update_24 cpe:/a:oracle:jre:1.6.0:update_26 cpe:/a:oracle:jre:1.6.0:update_25 cpe:/a:oracle:jre:1.6.0:update_29 cpe:/a:oracle:jre:1.6.0:update_30 cpe:/a:oracle:jre:1.6.0:update_27 cpe:/a:oracle:jre:1.6.0:update_23 cpe:/a:oracle:jre:1.6.0:update_22	11
Application	Oracle Virtualization cpe:/a:oracle:virtualization:3.2	1
Application	Sun Jre cpe:/a:sun:jre:1.6.0:update_11 cpe:/a:sun:jre:1.6.0:update_20 cpe:/a:sun:jre:1.6.0:update_1 cpe:/a:sun:jre:1.6.0:update_14 cpe:/a:sun:jre:1.6.0:update_5 cpe:/a:sun:jre:1.6.0:update_21 cpe:/a:sun:jre:1.6.0:update_12 cpe:/a:sun:jre:1.6.0:update_15 cpe:/a:sun:jre:1.6.0:update_17 cpe:/a:sun:jre:1.6.0:update_7 cpe:/a:sun:jre:1.6.0:update_2 cpe:/a:sun:jre:1.6.0:update_3 cpe:/a:sun:jre:1.6.0 cpe:/a:sun:jre:1.6.0:update_16 cpe:/a:sun:jre:1.6.0:update_4 cpe:/a:sun:jre:1.6.0:update_19 cpe:/a:sun:jre:1.6.0:update_6 cpe:/a:sun:jre:1.6.0:update_13 cpe:/a:sun:jre:1.6.0:update_18 cpe:/a:sun:jre:1.6.0:update_10 cpe:/a:sun:jre:1.5.0:update9 cpe:/a:sun:jre:1.5.0:update29 cpe:/a:sun:jre:1.5.0:update6 cpe:/a:sun:jre:1.5.0:update1 cpe:/a:sun:jre:1.5.0:update11 cpe:/a:sun:jre:1.5.0:update18 cpe:/a:sun:jre:1.5.0:update22 cpe:/a:sun:jre:1.5.0:update33 cpe:/a:sun:jre:1.5.0:update19 cpe:/a:sun:jre:1.5.0:update23 cpe:/a:sun:jre:1.5.0:update25 cpe:/a:sun:jre:1.5.0:update31 cpe:/a:sun:jre:1.5.0:update4 cpe:/a:sun:jre:1.5.0:update7 cpe:/a:sun:jre:1.5.0:update5 cpe:/a:sun:jre:1.5.0:update2 cpe:/a:sun:jre:1.5.0:update8 cpe:/a:sun:jre:1.5.0 cpe:/a:sun:jre:1.5.0:update3 cpe:/a:sun:jre:1.5.0:update14 cpe:/a:sun:jre:1.5.0:update20 cpe:/a:sun:jre:1.5.0:update13 cpe:/a:sun:jre:1.5.0:update21 cpe:/a:sun:jre:1.5.0:update15 cpe:/a:sun:jre:1.5.0:update27 cpe:/a:sun:jre:1.5.0:update17 cpe:/a:sun:jre:1.5.0:update16 cpe:/a:sun:jre:1.5.0:update26 cpe:/a:sun:jre:1.5.0:update24 cpe:/a:sun:jre:1.5.0:update28 cpe:/a:sun:jre:1.5.0:update10 cpe:/a:sun:jre:1.5.0:update12 cpe:/a:sun:jre:1.4.2_9 cpe:/a:sun:jre:1.4.2_8 cpe:/a:sun:jre:1.4.2_7 cpe:/a:sun:jre:1.4.2_6 cpe:/a:sun:jre:1.4.2_5 cpe:/a:sun:jre:1.4.2_4 cpe:/a:sun:jre:1.4.2_35 cpe:/a:sun:jre:1.4.2_34 cpe:/a:sun:jre:1.4.2_33 cpe:/a:sun:jre:1.4.2_32 cpe:/a:sun:jre:1.4.2_31 cpe:/a:sun:jre:1.4.2_30 cpe:/a:sun:jre:1.4.2_3 cpe:/a:sun:jre:1.4.2_29 cpe:/a:sun:jre:1.4.2_28 cpe:/a:sun:jre:1.4.2_27 cpe:/a:sun:jre:1.4.2_26 cpe:/a:sun:jre:1.4.2_25 cpe:/a:sun:jre:1.4.2_24 cpe:/a:sun:jre:1.4.2_23 cpe:/a:sun:jre:1.4.2_22 cpe:/a:sun:jre:1.4.2_21 cpe:/a:sun:jre:1.4.2_20 cpe:/a:sun:jre:1.4.2_2 cpe:/a:sun:jre:1.4.2_19 cpe:/a:sun:jre:1.4.2_18 cpe:/a:sun:jre:1.4.2_17 cpe:/a:sun:jre:1.4.2_16 cpe:/a:sun:jre:1.4.2_15 cpe:/a:sun:jre:1.4.2_14 cpe:/a:sun:jre:1.4.2_13 cpe:/a:sun:jre:1.4.2_12 cpe:/a:sun:jre:1.4.2_11 cpe:/a:sun:jre:1.4.2_10 cpe:/a:sun:jre:1.4.2_1 cpe:/a:sun:jre:1.4.2	88

ExploitDB Exploits

id	Description
2012-01-03	PHP Hash Table Collision Proof Of Concept

Open Source Vulnerability Database (OSVDB)

id	Description
78413	Oracle Virtual Desktop Infrastructure Session Component Unspecified Remote Issue
78114	Oracle GlassFish Server Hash Collission Form Parameter Parsing Remote DoS

Metasploit Database

id	Description
2011-12-28	Hashtable Collisions

Type	Count
Oval ID(s)	7
CPE ID(s)	103
osvdb(s)	2
ExploitDB Exploit(s)	1
Metasploit Exploit(s)	1

Related	Severity
CVE-2012-0497	(Critical)
CVE-2012-0505	(High)
CVE-2012-0503	(High)
CVE-2012-0502	(Medium)
CVE-2011-3563	(Medium)
CVE-2012-0501	(Medium)
CVE-2011-5035	(Medium)
CVE-2012-0506	(Medium)
CVE-2011-3571	(Low)