Executive Summary

Summary
Title Sun Alert 244988 Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
Informations
Name SUN-244988 First vendor Publication 2008-12-03
Vendor Sun Last vendor Modification 2008-12-03
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Java Platform, Standard Edition (Java SE)

Multiple security vulnerabilities exist in Java Web Start and Java Plug-in that may allow escalation of privileges. These include:

CR 6727079: A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.

CR 6727081: A vulnerability in the Java Runtime Environment with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.

CR 6694892:  A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties.

CR 6727071: A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.

CR 6707535:  A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.

CR 6716217: A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.

CR 6767668: A security vulnerability in the the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application.

Sun acknowledges with thanks, the following:

For CRs 6727079, 6727081 and 6727071:

Peter Csepely working with Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com)


For CR 6694892:

Virtual Security Research (VSR) http://www.vsecurity.com/ for bringing this issue to our attention.

Additional information on this issue can be found in the following advisory from Virtual Security Research:

http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt


For CR 6707535:

Billy Rios of Microsoft and Nate Mcfeters of Ernst and Young


For CR 6716217:

Peter Csepely working with Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com)

John Heasman of NGSSoftware


State: Resolved
First released: 03-Dec-2008

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_244988_multiple_security

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-200 Information Exposure
25 % CWE-264 Permissions, Privileges, and Access Controls
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5601
 
Oval ID: oval:org.mitre.oval:def:5601
Title: Java Web Start Bugs Let Remote Users Read/Write Files, Execute Arbitrary Code, and Establish Network Connections
Description: Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
Family: unix Class: vulnerability
Reference(s): CVE-2008-2086
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5924
 
Oval ID: oval:org.mitre.oval:def:5924
Title: Sun Java Web Start and Java Plug-in JAR File Privilege Escalation Vulnerability
Description: Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows remote attackers to make unauthorized network connections and hijack HTTP sessions via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR" and CR 6707535.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5343
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6249
 
Oval ID: oval:org.mitre.oval:def:6249
Title: Sun Java Web Start and Java Plug-in applet class security bypass
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets to read arbitrary files and make unauthorized network connections via unknown vectors related to applet classloading, aka 6716217.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5344
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6359
 
Oval ID: oval:org.mitre.oval:def:6359
Title: Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in
Description: Unspecified vulnerability in the BasicService for Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted downloaded applications to cause local files to be displayed in the browser of the user of the untrusted application via unknown vectors, aka 6767668.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5342
Version: 3
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6409
 
Oval ID: oval:org.mitre.oval:def:6409
Title: Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5339
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6529
 
Oval ID: oval:org.mitre.oval:def:6529
Title: Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted JWS applications to obtain the pathname of the JWS cache and the application username via unknown vectors, aka CR 6727071.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5341
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6627
 
Oval ID: oval:org.mitre.oval:def:6627
Title: Sun Java Multiple Code Execution and Security Bypass Vulnerabilities
Description: Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access local files or applications via unknown vectors, aka 6727081.
Family: unix Class: vulnerability
Reference(s): CVE-2008-5340
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 362
Application 398
Application 94

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 3
File : nvt/macosx_java_for_10_5_upd_3.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm0.nasl
2009-10-13 Name : SLES10: Security update for Sun Java 1.4.2
File : nvt/sles10_java-1_4_2-sun.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm2.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.4.2
File : nvt/sles11_java-1_4_2-ibm.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm.nasl
2009-10-10 Name : SLES9: Security update for Sun Java
File : nvt/sles9p5040565.nasl
2009-10-10 Name : SLES9: Security update for IBM Java5 JRE and SDK
File : nvt/sles9p5041763.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5046860.nasl
2009-05-20 Name : SuSE Security Summary SUSE-SR:2009:010
File : nvt/suse_sr_2009_010.nasl
2009-05-05 Name : HP-UX Update for Java HPSBUX02411
File : nvt/gb_hp_ux_HPSBUX02411.nasl
2009-04-28 Name : RedHat Security Advisory RHSA-2009:0445
File : nvt/RHSA_2009_0445.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0369
File : nvt/RHSA_2009_0369.nasl
2009-03-13 Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl
2009-03-13 Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0016
File : nvt/RHSA_2009_0016.nasl
2009-01-20 Name : RedHat Security Advisory RHSA-2009:0015
File : nvt/RHSA_2009_0015.nasl
2009-01-13 Name : SuSE Security Advisory SUSE-SA:2009:001 (Sun Java)
File : nvt/suse_sa_2009_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
50514 Sun Java JDK / JRE Java Web Start BasicService Arbitrary File Access

50513 Sun Java JDK / JRE Applet Classloading Privilege Escalation

50512 Sun Java JDK / JRE Jave Web Start / Plug-in HTTP Session Hijacking

50511 Sun Java JDK / JRE Java Web Start SingleInstanceImpl Class SI_FILEDIR Propert...

50510 Sun Java JDK / JRE Java Web Start (JWS) JNLP File System Properties Override ...

50509 Sun Java JDK / JRE Java Web Start Application file: Protocol Arbitrary File A...

50497 Sun Java JDK / JRE Java Web Start Application JNLP File Handling Socket Restr...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Snort® IPS/IDS

Date Description
2014-01-10 Oracle Java Web Start Splashscreen GIF decoding buffer overflow attempt
RuleID : 17395 - Revision : 14 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_244986_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090117_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40374.nasl - Type : ACT_GATHER_INFO
2009-12-14 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_40375.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12321.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5960.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-5852.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-090405.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12387.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12336.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0445.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0369.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0015.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1018.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-1025.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-081217.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel8.nasl - Type : ACT_GATHER_INFO
2009-02-13 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update3.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-5875.nasl - Type : ACT_GATHER_INFO
2009-01-07 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-5876.nasl - Type : ACT_GATHER_INFO
2008-12-04 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_244986.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-02-06 19:08:21
  • Multiple Updates