Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Sun Java Updates for Multiple Vulnerabilities
Information
Name: TA08-340A
First vendor Publication: 2008-12-05
Vendor: US-CERT
Last vendor Modification: 2008-12-05
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Sun has released alerts to address multiple vulnerabilities affecting the Sun Java Runtime Environment. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.

I. Description

The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has released updates to the Java Runtime Environment software to address multiple vulnerabilities.

Sun released the following alerts to address these issues:

* 244986 : The Java Runtime Environment Creates Temporary Files That Have "Guessable" File Names

* 244987 : Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges

* 244988 : Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation

* 244989 : The Java Runtime Environment (JRE) "Java Update" Mechanism Does Not Check the Digital Signature of the JRE that it Downloads

* 244990 : A Buffer Overflow Vulnerability in the Java Runtime Environment (JRE) May Allow Privileges to be Escalated

* 244991 : A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated

* 245246 : The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input

* 246266 : Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User's Home Directory

* 246286 : Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys

* 246346 : A Security Vulnerability in Java Runtime Environment (JRE) With Authenticating Users Through Kerberos May Lead to a Denial of Service (DoS)

* 246366 : Security Vulnerabilities in the Java Runtime Environment (JRE) JAX-WS and JAXB Packages may Allow Privileges to be Escalated

* 246386 : A Security Vulnerability in Java Runtime Environment (JRE) With Parsing of Zip Files May Allow Reading of Arbitrary Memory Locations

* 246387 : A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost

II. Impact

The impacts of these vulnerabilities vary. The most severe of these vulnerabilities allows a remote attacker to execute arbitrary code.

III. Solution

Apply an update from Sun

These issues are addressed in the following versions of the Sun Java Runtime Environment:

* JDK and JRE 6 Update 11
* JDK and JRE 5.0 Update 17
* SDK and JRE 1.4.2_19
* SDK and JRE 1.3.1_24

If you install the latest version of Java, older versions may remain installed on your computer. If you do not need these older versions, you can remove them by following Sun's instructions.

Disable Java

Disable Java in your web browser, as described in the Securing Your Web Browser document. While this does not fix the underlying vulnerabilities, it does block a common attack vector.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-340A.html

CWE : Common Weakness Enumeration

% Id Name
27 % CWE-200 Information Exposure
27 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-264 Permissions, Privileges, and Access Controls
13 % CWE-189 Numeric Errors (CWE/SANS Top 25)
7 % CWE-287 Improper Authentication
7 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13408
Title: USN-713-1 -- openjdk-6 vulnerabilities
Description: It was discovered that Java did not correctly handle untrusted applets. If a user were tricked into running a malicious applet, a remote attacker could gain user privileges, or list directory contents. It was discovered that Kerberos authentication and RSA public key processing were not correctly handled in Java. A remote attacker could exploit these flaws to cause a denial of service. It was discovered that Java accepted UTF-8 encodings that might be handled incorrectly by certain applications. A remote attacker could bypass string filters, possibly leading to other exploits. Overflows were discovered in Java JAR processing. If a user or automated system were tricked into processing a malicious JAR file, a remote attacker could crash the application, leading to a denial of service. It was discovered that Java calendar objects were not unserialized safely. If a user or automated system were tricked into processing a specially crafted calendar object, a remote attacker could execute arbitrary code with user privileges. It was discovered that the Java image handling code could lead to memory corruption. If a user or automated system were tricked into processing a specially crafted image, a remote attacker could crash the application, leading to a denial of service. It was discovered that temporary files created by Java had predictable names. If a user or automated system were tricked into processing a specially crafted JAR file, a remote attacker could overwrite sensitive information.
Family: unix Class: patch
Reference(s): USN-713-1
CVE-2008-5347
CVE-2008-5350
CVE-2008-5348
CVE-2008-5349
CVE-2008-5351
CVE-2008-5352
CVE-2008-5354
CVE-2008-5353
CVE-2008-5358
CVE-2008-5359
CVE-2008-5360
Version: 5
Platform(s): Ubuntu 8.10
Product(s): openjdk-6
 
Oval ID: oval:org.mitre.oval:def:21870
Title: ELSA-2009:0445: java-1.4.2-ibm security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2009:0445-01
CVE-2008-2086
CVE-2008-5339
CVE-2008-5340
CVE-2008-5342
CVE-2008-5343
CVE-2008-5344
CVE-2008-5345
CVE-2008-5346
CVE-2008-5348
CVE-2008-5350
CVE-2008-5351
CVE-2008-5353
CVE-2008-5354
CVE-2008-5359
CVE-2008-5360
Version: 65
Platform(s): Oracle Linux 5
Product(s): java-1.4.2-ibm
 
Oval ID: oval:org.mitre.oval:def:22126
Title: ELSA-2009:0016: java-1.5.0-ibm security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2009:0016-01
CVE-2008-2086
CVE-2008-5339
CVE-2008-5340
CVE-2008-5341
CVE-2008-5342
CVE-2008-5343
CVE-2008-5344
CVE-2008-5345
CVE-2008-5346
CVE-2008-5348
CVE-2008-5349
CVE-2008-5350
CVE-2008-5351
CVE-2008-5352
CVE-2008-5353
CVE-2008-5354
CVE-2008-5356
CVE-2008-5357
CVE-2008-5359
CVE-2008-5360
Version: 85
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
 
Oval ID: oval:org.mitre.oval:def:22263
Title: ELSA-2008:1018: java-1.6.0-sun security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2008:1018-01
CVE-2008-2086
CVE-2008-5339
CVE-2008-5340
CVE-2008-5341
CVE-2008-5342
CVE-2008-5343
CVE-2008-5344
CVE-2008-5345
CVE-2008-5347
CVE-2008-5348
CVE-2008-5349
CVE-2008-5350
CVE-2008-5351
CVE-2008-5352
CVE-2008-5353
CVE-2008-5354
CVE-2008-5356
CVE-2008-5357
CVE-2008-5358
CVE-2008-5359
CVE-2008-5360
Version: 89
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
 
Oval ID: oval:org.mitre.oval:def:22521
Title: ELSA-2008:1025: java-1.5.0-sun security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2008:1025-01
CVE-2008-2086
CVE-2008-5339
CVE-2008-5340
CVE-2008-5341
CVE-2008-5342
CVE-2008-5343
CVE-2008-5344
CVE-2008-5345
CVE-2008-5346
CVE-2008-5348
CVE-2008-5349
CVE-2008-5350
CVE-2008-5351
CVE-2008-5352
CVE-2008-5353
CVE-2008-5354
CVE-2008-5356
CVE-2008-5357
CVE-2008-5359
CVE-2008-5360
Version: 85
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-sun
 
Oval ID: oval:org.mitre.oval:def:22693
Title: ELSA-2009:0369: java-1.6.0-ibm security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
Family: unix Class: patch
Reference(s): ELSA-2009:0369-01
CVE-2008-5340
CVE-2008-5341
CVE-2008-5342
CVE-2008-5343
CVE-2008-5351
CVE-2008-5356
CVE-2008-5357
CVE-2008-5358
Version: 37
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
 
Oval ID: oval:org.mitre.oval:def:22731
Title: ELSA-2009:0015: java-1.6.0-ibm security update (Critical)
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: patch
Reference(s): ELSA-2009:0015-01
CVE-2008-2086
CVE-2008-5339
CVE-2008-5344
CVE-2008-5345
CVE-2008-5347
CVE-2008-5348
CVE-2008-5350
CVE-2008-5352
CVE-2008-5353
CVE-2008-5354
CVE-2008-5359
CVE-2008-5360
Version: 53
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
 
Oval ID: oval:org.mitre.oval:def:5601
Title: Java Web Start Bugs Let Remote Users Read/Write Files, Execute Arbitrary Code, and Establish Network Connections
Description: Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2086
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:5633
Title: Sun Java Runtime Environment JAX-WS and JAXB Lets Remote Applets Gain Elevated Privileges
Description: Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5347
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:5664
Title: Sun Java Runtime Environment Java Update Fails to Validate Digital Signatures
Description: The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5355
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:5841
Title: Sun Java Runtime Environment image processing code buffer overflow
Description: Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5359
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:5843
Title: Sun Java Runtime Environment RSA Public Key Processing Bug Lets Remote Users Deny Service
Description: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5349
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:5924
Title: Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
Description: Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5343
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6059
Title: Sun Java Runtime Environment (JRE) Lets Remote Users Access 'localhost'
Description: Unspecified vulnerability in Java Runtime Environment (JRE) with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier allows code that is loaded from a local filesystem to read arbitrary files and make unauthorized connections to localhost via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5345
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6212
Title: Java Runtime Environment UTF-8 Decoding Bug May Let Users Bypass Access Restrictions
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5351
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6249
Title: Sun Java Web Start and Java Plug-in applet class security bypass
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5344
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6319
Title: Sun Java Runtime Environment GIF images code execution
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5358
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6359
Title: Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in
Description: Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5342
Version: 3
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6383
Title: Sun Java Runtime Environment Buffer Overflow in unpack200 Utility Lets Remote Users Execute Arbitrary Code
Description: Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5352
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6409
Title: Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5339
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6424
Title: Sun Java Runtime Environment Lets Remote Users View Directory Contents
Description: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5350
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6494
Title: Sun Java Runtime Environment TrueType font buffer overflow
Description: Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5356
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6505
Title: Sun Java Runtime Environment TrueType font integer overflow
Description: Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5357
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6511
Title: Sun Java Runtime Environment 'Calendar.readObject' Bug Lets Remote Applets Gain Elevated Privileges
Description: The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
Family: unix Class: vulnerability
Reference(s): CVE-2008-5353
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6529
Title: Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5341
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6537
Title: Sun Java Runtime Environment JAR Main-Class manifest entry buffer overflow
Description: Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5354
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6549
Title: Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
Description: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5348
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6596
Title: Sun Java Runtime Environment temporary files weak security
Description: Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5360
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6627
Title: Sun Java Multiple Code Execution and Security Bypass Vulnerabilities
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5340
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
 
Oval ID: oval:org.mitre.oval:def:6629
Title: Sun Java Runtime Environment zip File Processing Bug Lets Remote Users Read Memory Locations
Description: Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 or earlier allows untrusted applets and applications to read arbitrary memory via a crafted ZIP file.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5346
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Application 359
Application 395
Application 94

SAINT Exploits

Description
Java Runtime Environment JAR manifest Main Class buffer overflow

ExploitDB Exploits

id Description
2011-01-08 Signed Applet Social Engineering Code Exec
2010-09-20 Sun Java Calendar Deserialization Exploit
2008-12-03 Sun Java Runtime and Development Kit <= 6 update 10 Calendar Deserializati...
2009-05-20 Mac OS X Java applet Remote Deserialization Remote PoC (updated)

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 3
File : nvt/macosx_java_for_10_5_upd_3.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-10-27 Name : SuSE Security Summary SUSE-SR:2009:017
File : nvt/suse_sr_2009_017.nasl
2009-10-19 Name : RedHat Security Advisory RHSA-2009:1505
File : nvt/RHSA_2009_1505.nasl
2009-10-19 Name : SuSE Security Summary SUSE-SR:2009:016
File : nvt/suse_sr_2009_016.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm0.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl
2009-10-10 Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-10-10 Name : SLES9: Security update for IBM Java5 JRE and SDK
File : nvt/sles9p5041763.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5046860.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5059500.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-05 Name : HP-UX Update for Java HPSBUX02411
File : nvt/gb_hp_ux_HPSBUX02411.nasl
2009-04-28 Name : RedHat Security Advisory RHSA-2009:0445
File : nvt/RHSA_2009_0445.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0369
File : nvt/RHSA_2009_0369.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-03-13 Name : SuSE Security Summary SUSE-SR:2009:006
File : nvt/suse_sr_2009_006.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10913
File : nvt/gb_fedora_2008_10913_java-1.6.0-openjdk_fc10.nasl
2009-02-16 Name : Fedora Update for java-1.6.0-openjdk FEDORA-2008-10860
File : nvt/gb_fedora_2008_10860_java-1.6.0-openjdk_fc9.nasl
2009-02-02 Name : Ubuntu USN-710-1 (xine-lib)
File : nvt/ubuntu_710_1.nasl
2009-02-02 Name : Ubuntu USN-711-1 (ktorrent)
File : nvt/ubuntu_711_1.nasl
2009-02-02 Name : Ubuntu USN-712-1 (vim)
File : nvt/ubuntu_712_1.nasl
2009-02-02 Name : Ubuntu USN-713-1 (openjdk-6)
File : nvt/ubuntu_713_1.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0015
File : nvt/RHSA_2009_0015.nasl
2009-01-13 Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50517 Sun Java JDK / JRE TrueType Font Processing Integer Overflow

50516 Sun Java JDK / JRE TrueType Font Processing Heap Overflow

50515 Sun Java JDK / JRE GIF Image Decoding Memory Corruption

50514 Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access

50513 Sun Java JDK / JRE Applet Classloading Privilege Escalation

50512 Sun Java JDK / JRE Java Web Start / Plug-in HTTP Session Hijacking

50511 Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert...

50510 Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ...

50509 Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A...

50508 Sun Java JRE LocalHost Network Access Restriction Bypass

50507 Sun Java JDK / JRE ZIP File Parsing Arbitrary Memory Disclosure

50506 Sun Java JDK / JRE JAX-WS / JAXB Packages Internal Classes Applet Privilege E...

50505 Sun Java JDK / JRE Kerberos Authentication Unspecified Remote DoS

50504 Sun Java JDK / JRE RSA Public Key Processing Resource Consumption DoS

50503 Sun Java JDK / JRE Untrusted Applet User Home Directory Content Listing

50502 Sun Java JDK / JRE UTF-8 Decoder Non-shortest Form Sequence Handling Weakness

50501 Sun Java JDK / JRE Unpack200 JAR Utility Privilege Escalation

50500 Sun Java JDK / JRE Deserializing Calendar Object Privilege Escalation

A security vulnerability in the Java Runtime Environment (JRE) related to deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

50499 Sun Java JDK / JRE Command Line Application Overflow

50498 Sun Java JDK / JRE Java Update Mechanism Digital Signature Verification Weakness

50497 Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr...

50496 Sun Java JDK / JRE Java AWT Library ConvolveOp Operation Image Handling Overflow

50495 Sun Java JDK / JRE Environment Temporary File Name Prediction Weakness

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Snort® IPS/IDS

Date Description
2014-01-10 Phoenix exploit kit post-compromise behavior
RuleID : 21860 - Revision : 5 - Type : MALWARE-CNC
2014-01-10 Phoenix exploit kit landing page
RuleID : 21640 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Oracle Java calendar deserialize vulnerability
RuleID : 20238 - Revision : 5 - Type : SERVER-OTHER
2014-01-10 Oracle Java Runtime Environment JAR File Processing Stack Buffer Overflow
RuleID : 17563 - Revision : 12 - Type : FILE-JAVA
2014-01-10 Oracle Java Runtime Environment Pack200 Decompression Integer Overflow attempt
RuleID : 17562 - Revision : 13 - Type : FILE-JAVA
2014-01-10 Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt
RuleID : 17395 - Revision : 14 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090117_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6523.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0466.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1505.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-6508.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090924.nasl - Type : ACT_GATHER_INFO
2009-10-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12511.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12387.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12336.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0369.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0015.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-openjdk-090303.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10913.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-713-1.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel8.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update3.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2008-12-08 Name : The remote Fedora host is missing a security update.
File : fedora_2008-10860.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO