thr3ads.net - Secure testing team - [Secure-testing-team] Bug#490260: sun-java5: several vulnerabilities [Jul 2008]

If this information is useful, please help other people find it:
Share via:
Steffen Joeris
2008-Jul-11 02:47 UTC
[Secure-testing-team] Bug#490260: sun-java5: several vulnerabilities

Package: sun-java5
Severity: grave
Tags: security
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for sun-java5.

CVE-2008-3115[0]:
| Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and
| earlier, and 5.0 Update 6 through 15, does not properly prevent
| execution of applets on older JRE releases, which might allow remote
| attackers to exploit vulnerabilities in these older releases.

CVE-2008-3114[1]:
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6
| before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE
| 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain
| sensitive information (the cache location) via an untrusted
| application, aka CR 6704074.

CVE-2008-3113[2]:
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0
| before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote
| attackers to create or delete arbitrary files via an untrusted
| application, aka CR 6704077.

CVE-2008-3112[3]:
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6
| before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE
| 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary
| files via an untrusted application, aka CR 6703909.

CVE-2008-3111[4]:
| Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6
| before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE
| 1.4.x before 1.4.2_18 allow context-dependent attackers to gain
| privileges via an untrusted application, as demonstrated by an
| application that grants itself privileges to (1) read local files, (2)
| write to local files, or (3) execute local programs, aka CR 6557220.

CVE-2008-3110[5]:
| Unspecified vulnerability in scripting language support in Sun Java
| Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows
| remote attackers to obtain sensitive information by using an applet to
| read information from another applet.

CVE-2008-3109[6]:
| Unspecified vulnerability in scripting language support in Sun Java
| Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows
| context-dependent attackers to gain privileges via an untrusted (1)
| application or (2) applet, as demonstrated by an application or applet
| that grants itself privileges to (a) read local files, (b) write to
| local files, or (c) execute local programs.

CVE-2008-3108[7]:
| Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE
| 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and
| JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain
| privileges via unspecified vectors related to font processing.

CVE-2008-3107[8]:
| Unspecified vulnerability in the Virtual Machine in Sun Java Runtime
| Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0
| before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows
| context-dependent attackers to gain privileges via an untrusted (1)
| application or (2) applet, as demonstrated by an application or applet
| that grants itself privileges to (a) read local files, (b) write to
| local files, or (c) execute local programs.

CVE-2008-3106[9]:
| Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK
| and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and
| earlier allows remote attackers to access URLs via unknown vectors
| involving processing of XML data by an untrusted (1) application or
| (2) applet, a different vulnerability than CVE-2008-3105.

CVE-2008-3105[10]:
| Unspecified vulnerability in the JAX-WS client and service in Sun Java
| Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows
| remote attackers to access URLs or cause a denial of service via
| unknown vectors involving "processing of XML data" by a trusted
| application.

CVE-2008-3104[11]:
| Multiple unspecified vulnerabilities in Sun Java Runtime Environment
| (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update
| 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before
| 1.3.1_23 allow remote attackers to violate the security model for an
| applet''s outbound connections by connecting to localhost services
| running on the machine that loaded the applet.

CVE-2008-3103[12]:
| Unspecified vulnerability in the Java Management Extensions (JMX)
| management agent in Sun Java Runtime Environment (JRE) in JDK and JRE
| 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when
| local monitoring is enabled, allows remote attackers to "perform
| unauthorized operations" via unspecified vectors.

Could you please check that they are addressed in the sun-java package?
I put severity grave for now, feel free to adjust it.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3115
    http://security-tracker.debian.net/tracker/CVE-2008-3115
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3114
    http://security-tracker.debian.net/tracker/CVE-2008-3114
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3113
    http://security-tracker.debian.net/tracker/CVE-2008-3113
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3112
    http://security-tracker.debian.net/tracker/CVE-2008-3112
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3111
    http://security-tracker.debian.net/tracker/CVE-2008-3111
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3110
    http://security-tracker.debian.net/tracker/CVE-2008-3110
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3109
    http://security-tracker.debian.net/tracker/CVE-2008-3109
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3108
    http://security-tracker.debian.net/tracker/CVE-2008-3108
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3107
    http://security-tracker.debian.net/tracker/CVE-2008-3107
[9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3106
    http://security-tracker.debian.net/tracker/CVE-2008-3106
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3105
    http://security-tracker.debian.net/tracker/CVE-2008-3105
[11] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3104
    http://security-tracker.debian.net/tracker/CVE-2008-3104
[12] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3103
    http://security-tracker.debian.net/tracker/CVE-2008-3103
Secure testing team - Jul 2008 - Bug#490260: sun-java5: several vulnerabilities

[Secure-testing-team] Bug#490260: sun-java5: several vulnerabilities
