CVE-2008-3111

09.07.2008, 23:41

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Vendor	Product	Version
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jdk	5.0
sun	jre	1.4
sun	jre	1.4.2_01:_01
sun	jre	1.4.2_02:_02
sun	jre	1.4.2_03:_03
sun	jre	1.4.2_04:_04
sun	jre	1.4.2_05:_05
sun	jre	1.4.2_06:_06
sun	jre	1.4.2_07:_07
sun	jre	1.4.2_8:_8
sun	jre	1.4.2_9:_9
sun	jre	1.4.2_10:_10
sun	jre	1.4.2_11:_11
sun	jre	1.4.2_12:_12
sun	jre	1.4.2_13:_13
sun	jre	1.4.2_14:_14
sun	jre	1.4.2_15:_15
sun	jre	1.4.2_16:_16
sun	jre	1.4.2_17:_17
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	jre	5.0
sun	sdk	1.4
sun	sdk	1.4.2
sun	sdk	1.4.2_01:_01
sun	sdk	1.4.2_02:_02
sun	sdk	1.4.2_03:_03
sun	sdk	1.4.2_04:_04
sun	sdk	1.4.2_05:_05
sun	sdk	1.4.2_06:_06
sun	sdk	1.4.2_07:_07
sun	sdk	1.4.2_08:_08
sun	sdk	1.4.2_09:_09
sun	sdk	1.4.2_10:_10
sun	sdk	1.4.2_11:_11
sun	sdk	1.4.2_12:_12
sun	sdk	1.4.2_13:_13
sun	sdk	1.4.2_14:_14
sun	sdk	1.4.2_15:_15
sun	sdk	1.4.2_16:_16
sun	sdk	1.4.2_17:_17

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

sun-java5

karmic	dne
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1.5.0-22-0ubuntu0.8.04 released
gutsy	ignored
feisty	ignored
dapper	ignored

sun-java6

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 6-17-0ubuntu1.8.04 released
gutsy	ignored
feisty	ignored
dapper	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://secunia.com/advisories/31010

http://secunia.com/advisories/31055

http://secunia.com/advisories/31320

http://secunia.com/advisories/31497

http://secunia.com/advisories/31600

http://secunia.com/advisories/31736

http://secunia.com/advisories/32018

http://secunia.com/advisories/32179

http://secunia.com/advisories/32180

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://www.redhat.com/support/errata/RHSA-2008-0595.html

http://www.redhat.com/support/errata/RHSA-2008-0790.html

http://www.securityfocus.com/archive/1/494505/100/0/threaded

http://www.securityfocus.com/archive/1/497041/100/0/threaded

http://www.securityfocus.com/bid/30148

http://www.securitytracker.com/id?1020452

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

http://www.vupen.com/english/advisories/2008/2056/references

http://www.vupen.com/english/advisories/2008/2740

http://www.zerodayinitiative.com/advisories/ZDI-08-043/

https://exchange.xforce.ibmcloud.com/vulnerabilities/43664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541

http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://secunia.com/advisories/31010

http://secunia.com/advisories/31055

http://secunia.com/advisories/31320

http://secunia.com/advisories/31497

http://secunia.com/advisories/31600

http://secunia.com/advisories/31736

http://secunia.com/advisories/32018

http://secunia.com/advisories/32179

http://secunia.com/advisories/32180

http://secunia.com/advisories/37386

http://security.gentoo.org/glsa/glsa-200911-02.xml

http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://www.redhat.com/support/errata/RHSA-2008-0595.html

http://www.redhat.com/support/errata/RHSA-2008-0790.html

http://www.securityfocus.com/archive/1/494505/100/0/threaded

http://www.securityfocus.com/archive/1/497041/100/0/threaded

http://www.securityfocus.com/bid/30148

http://www.securitytracker.com/id?1020452

http://www.us-cert.gov/cas/techalerts/TA08-193A.html

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

http://www.vupen.com/english/advisories/2008/2056/references

http://www.vupen.com/english/advisories/2008/2740

http://www.zerodayinitiative.com/advisories/ZDI-08-043/

https://exchange.xforce.ibmcloud.com/vulnerabilities/43664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541