Executive Summary

Summary
Title Sun Alert 254611 Multiple Security Vulnerabilities in Java Plug-in May Allow Privileges to be Escalated
Informations
Name SUN-254611 First vendor Publication 2009-03-24
Vendor Sun Last vendor Modification 2010-01-20
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Sun Java Standard Edition (Java SE)

CR 6646860: A security vulnerability in the Java Plug-in withdeserializing applets may allow an untrusted applet to escalateprivileges. For example, an untrusted applet may grant itselfpermissions to read and write local files or execute local applicationsthat are accessible to the user running the untrusted applet.

CR 6724331: The Java Plug-in allows Javascript code that is loaded fromthe localhost to connect to any port on the system. This may beleveraged together with XSS vulnerabilities in a blended attack toillegally access other applications listening on ports other than theone where the Javascript code was served from.

CR 6706490: The Java Plug-in allows a trusted applet to be launched onan earlier version of the Java Runtime Environment (JRE) provided theuser that downloaded the applet allows it to run on the requestedrelease. A vulnerability allows Javascript code that is present in thesame web page as the applet to exploit known vulnerabilities of therequested JRE.

CR 6798948: A security vulnerability in the Java Plug-in with parsingcrossdomain.xml files may allow an untrusted applet to connect to anysite that provides a crossdomain.xml file instead of sites that allowthe domain that the applet is running on.

CR 6782871: A security vulnerability in the Java Plug-in may allow asigned applet to obscure the contents of the security dialog andthereby trick a user into trusting the applet.

Sun acknowledges with thanks: Gregory Fleischer (for CR 6798948) andMichael Schierl (for CR 6782871).

State: Resolved
First released: 24-Mar-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_254611_multiple_security

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-20 Improper Input Validation
50 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21833
 
Oval ID: oval:org.mitre.oval:def:21833
Title: ELSA-2009:0392: java-1.6.0-sun security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:0392-01
CVE-2006-2426
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1102
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 69
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22708
 
Oval ID: oval:org.mitre.oval:def:22708
Title: ELSA-2009:0394: java-1.5.0-sun security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:0394-01
CVE-2006-2426
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1103
CVE-2009-1104
CVE-2009-1107
Version: 49
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-sun
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22725
 
Oval ID: oval:org.mitre.oval:def:22725
Title: ELSA-2009:1038: java-1.5.0-ibm security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:1038-01
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22876
 
Oval ID: oval:org.mitre.oval:def:22876
Title: ELSA-2009:1198: java-1.6.0-ibm security update (Critical)
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: patch
Reference(s): ELSA-2009:1198-02
CVE-2009-1093
CVE-2009-1094
CVE-2009-1095
CVE-2009-1096
CVE-2009-1097
CVE-2009-1098
CVE-2009-1099
CVE-2009-1100
CVE-2009-1101
CVE-2009-1103
CVE-2009-1104
CVE-2009-1105
CVE-2009-1106
CVE-2009-1107
Version: 61
Platform(s): Oracle Linux 5
Product(s): java-1.6.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6542
 
Oval ID: oval:org.mitre.oval:def:6542
Title: Java Plug-in Bugs Lets Remote Users Gain Privileges
Description: Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1103
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6584
 
Oval ID: oval:org.mitre.oval:def:6584
Title: Sun Java Runtime Environment Java Plug-in Javascript code unauthorized access
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1104
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6585
 
Oval ID: oval:org.mitre.oval:def:6585
Title: Sun Java Runtime Environment Java Plug-in signed applet unauthorized access
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1107
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6619
 
Oval ID: oval:org.mitre.oval:def:6619
Title: Sun Java Runtime Environment Java Plug-in crossdomain.xml information disclosure
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1106
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6642
 
Oval ID: oval:org.mitre.oval:def:6642
Title: Sun Java Runtime Environment Java Plug-in weak security
Description: The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1105
Version: 3
Platform(s): VMWare ESX Server 3.5
VMWare ESX Server 4.0
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 3
Application 3

OpenVAS Exploits

Date Description
2010-05-28 Name : Java for Mac OS X 10.5 Update 4
File : nvt/macosx_java_for_10_5_upd_4.nasl
2010-05-28 Name : Java for Mac OS X 10.6 Update 2
File : nvt/macosx_java_for_10_6_upd_2.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 5
File : nvt/sles10_java-1_5_0-ibm1.nasl
2009-10-11 Name : SLES11: Security update for IBM Java 1.6.0
File : nvt/sles11_java-1_6_0-ibm0.nasl
2009-10-10 Name : SLES9: Security update for IBM Java 5 JRE and IBM Java 5 SDK
File : nvt/sles9p5050060.nasl
2009-08-17 Name : RedHat Security Advisory RHSA-2009:1198
File : nvt/RHSA_2009_1198.nasl
2009-06-15 Name : SuSE Security Summary SUSE-SR:2009:011
File : nvt/suse_sr_2009_011.nasl
2009-06-01 Name : HP-UX Update for Java HPSBUX02429
File : nvt/gb_hp_ux_HPSBUX02429.nasl
2009-05-20 Name : RedHat Security Advisory RHSA-2009:1038
File : nvt/RHSA_2009_1038.nasl
2009-04-23 Name : Sun Java JRE Multiple Vulnerabilities (Linux)
File : nvt/gb_sun_java_jre_dos_vuln_lin.nasl
2009-04-23 Name : Sun Java JDK/JRE Multiple Vulnerabilities (Win)
File : nvt/gb_sun_java_jre_dos_vuln_win.nasl
2009-04-06 Name : SuSE Security Advisory SUSE-SA:2009:016 (Sun Java 5 and 6)
File : nvt/suse_sa_2009_016.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0392
File : nvt/RHSA_2009_0392.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0394
File : nvt/RHSA_2009_0394.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53178 Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust...

53177 Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass

53176 Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness

53175 Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass

53174 Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Priv...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : sun_java_jre_254569_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090326_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-04-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1662.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO
2010-03-31 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2010-0002.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0043.nasl - Type : ACT_GATHER_INFO
2009-11-23 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO
2009-11-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200911-02.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-6253.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-090629.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12422.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1198.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1038.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0394.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0392.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_5_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-090327.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_5_0-sun-090328.nasl - Type : ACT_GATHER_INFO
2009-07-09 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_rel9.nasl - Type : ACT_GATHER_INFO
2009-06-17 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update4.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-6125.nasl - Type : ACT_GATHER_INFO
2009-04-01 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_6_0-sun-6128.nasl - Type : ACT_GATHER_INFO
2009-03-27 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : sun_java_jre_254569.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris9_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris9_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris8_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris8_125137.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125139-97
File : solaris10_x86_125139.nasl - Type : ACT_GATHER_INFO
2007-10-12 Name : The remote host is missing Sun Security Patch number 125137-97
File : solaris10_125137.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris9_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris8_x86_118669.nasl - Type : ACT_GATHER_INFO
2005-09-06 Name : The remote host is missing Sun Security Patch number 118669-86
File : solaris10_x86_118669.nasl - Type : ACT_GATHER_INFO