Executive Summary
Summary | |
---|---|
Title | OpenJDK vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1052-1 | First vendor Publication | 2011-01-26 |
Vendor | Ubuntu | Last vendor Modification | 2011-01-26 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes. Details follow: It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented. (CVE-2010-4351) |
Original Source
Url : http://www.ubuntu.com/usn/USN-1052-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21749 | |||
Oval ID: | oval:org.mitre.oval:def:21749 | ||
Title: | RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0176-01 CESA-2011:0176 CVE-2010-3860 CVE-2010-4351 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22663 | |||
Oval ID: | oval:org.mitre.oval:def:22663 | ||
Title: | ELSA-2011:0176: java-1.6.0-openjdk security update (Moderate) | ||
Description: | The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0176-01 CVE-2010-3860 CVE-2010-4351 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27537 | |||
Oval ID: | oval:org.mitre.oval:def:27537 | ||
Title: | DEPRECATED: ELSA-2011-0176 -- java-1.6.0-openjdk security update (moderate) | ||
Description: | [1:1.6.0.0-1.17.b17.0.1.el5] - Add oracle-enterprise.patch [1:1.6.0.0-1.17.b17.el5] - Updated to 1.7.7 tarball - Resolves: bz668487 - Also resolves bz668488 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0176 CVE-2010-3860 CVE-2010-4351 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | java-1.6.0-openjdk |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for java CESA-2011:0176 centos5 x86_64 File : nvt/gb_CESA-2011_0176_java_centos5_x86_64.nasl |
2011-08-09 | Name : CentOS Update for java CESA-2011:0176 centos5 i386 File : nvt/gb_CESA-2011_0176_java_centos5_i386.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2224-1 (openjdk-6) File : nvt/deb_2224_1.nasl |
2011-04-01 | Name : Mandriva Update for java-1.6.0-openjdk MDVSA-2011:054 (java-1.6.0-openjdk) File : nvt/gb_mandriva_MDVSA_2011_054.nasl |
2011-02-04 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerabilities USN-1055-1 File : nvt/gb_ubuntu_USN_1055_1.nasl |
2011-01-31 | Name : RedHat Update for java-1.6.0-openjdk RHSA-2011:0176-01 File : nvt/gb_RHSA-2011_0176-01_java-1.6.0-openjdk.nasl |
2011-01-31 | Name : Ubuntu Update for openjdk-6, openjdk-6b18 vulnerability USN-1052-1 File : nvt/gb_ubuntu_USN_1052_1.nasl |
2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0500 File : nvt/gb_fedora_2011_0500_java-1.6.0-openjdk_fc13.nasl |
2011-01-21 | Name : Fedora Update for java-1.6.0-openjdk FEDORA-2011-0521 File : nvt/gb_fedora_2011_0521_java-1.6.0-openjdk_fc14.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70605 | OpenJDK IcedTea JNLP SecurityManager checkPermission Method Exception Bypass Java OpenJDK contains a flaw related to the 'JNLPSecurityManager' class not properly enforcing security policies in the 'IcedTea.so' component. This may allow a context-dependent attacker to use a crafted website or applet to execute arbitrary code. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-32.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110125_java_1_6_0_openjdk_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_java-1_6_0-openjdk-110118.nasl - Type : ACT_GATHER_INFO |
2011-04-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2224.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2011-03-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-054.nasl - Type : ACT_GATHER_INFO |
2011-02-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1055-1.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1052-1.nasl - Type : ACT_GATHER_INFO |
2011-01-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0176.nasl - Type : ACT_GATHER_INFO |
2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0500.nasl - Type : ACT_GATHER_INFO |
2011-01-20 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0521.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:58:14 |
|