Executive Summary
Summary | |
---|---|
Title | Sun Alert 102934 Security Vulnerabilities in the Java Runtime Environment Image Parsing Code May Allow a Untrusted Applet to Elevate Privileges |
Informations | |||
---|---|---|---|
Name | SUN-102934 | First vendor Publication | 2007-07-10 |
Vendor | Sun | Last vendor Modification | 2007-10-23 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Product: Java 2 Platform, Standard Edition A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. Sun acknowledges, with thanks, Chris Evans of the Google Security Team, for bringing these issues to our attention. These issues are also referenced in the following documents: CVE-2007-2788 at http://www.security-database.com/detail.php?cve=CVE-2007-2788 CVE-2007-2789 at http://www.security-database.com/detail.php?cve=CVE-2007-2789 Avoidance: Patch, Upgrade State: Resolved First released: 31-May-2007 |
Original Source
Url : http://blogs.sun.com/security/entry/sun_alert_102934_security_vulnerabilities |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21711 | |||
Oval ID: | oval:org.mitre.oval:def:21711 | ||
Title: | ELSA-2007:0817: java-1.4.2-ibm security update (Critical) | ||
Description: | The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0817-01 CVE-2007-2435 CVE-2007-2788 CVE-2007-2789 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.4.2-ibm |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Java 2 File : nvt/sles9p5015291.nasl |
2009-10-10 | Name : SLES9: Security update for IBM Java2 JRE and SDK File : nvt/sles9p5015890.nasl |
2009-03-06 | Name : RedHat Update for IBMJava2 RHSA-2008:0133-01 File : nvt/gb_RHSA-2008_0133-01_IBMJava2.nasl |
2009-01-28 | Name : SuSE Update for IBM Java, Sun Java SUSE-SA:2007:045 File : nvt/gb_suse_2007_045.nasl |
2009-01-28 | Name : SuSE Update for IBM Java SUSE-SA:2007:056 File : nvt/gb_suse_2007_056.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200705-23 (sun-jdk,sun-jre-bin) File : nvt/glsa_200705_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-08 (emul-linux-x86-java) File : nvt/glsa_200706_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin) File : nvt/glsa_200709_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86... File : nvt/glsa_200804_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin) File : nvt/glsa_200804_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin) File : nvt/glsa_200806_11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36200 | Sun Java JDK BMP Parsing Remote Privilege Escalation |
36199 | Sun Java JDK Embedded ICC Profile Image Parser Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Oracle JDK image parsing library ICC buffer overflow attempt RuleID : 17727 - Revision : 14 - Type : FILE-OTHER |
2014-01-10 | Sun JDK image parsing library ICC buffer overflow attempt RuleID : 15328 - Revision : 6 - Type : FILE-JAVA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-22 | Name : The remote Unix host has an application that is affected by several vulnerabi... File : sun_java_jre_102934_unix.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1086.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0817.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0829.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0956.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0100.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0133.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO |
2007-12-17 | Name : The remote host is affected by multiple vulnerabilities. File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-ibm-4542.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_4_2-sun-3844.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_java-1_5_0-ibm-4544.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_4_2-sun-3843.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_java-1_5_0-sun-3832.nasl - Type : ACT_GATHER_INFO |
2007-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200709-15.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-08.nasl - Type : ACT_GATHER_INFO |
2007-06-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200705-23.nasl - Type : ACT_GATHER_INFO |
2007-06-02 | Name : The remote Windows host has an application that is affected by several vulner... File : sun_java_jre_102934.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:57:51 |
|