CVE-2016-0363

03.06.2016, 14:59

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.1 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
ibm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Vendor	Product	Version
redhat	satellite	5.6
redhat	satellite	5.7
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_hpc_node_supplementary	6.0
redhat	enterprise_linux_hpc_node_supplementary	7.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_eus	6.7
redhat	enterprise_linux_server_eus	7.2
redhat	enterprise_linux_server_eus	7.3
redhat	enterprise_linux_server_eus	7.4
redhat	enterprise_linux_server_eus	7.5
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
novell	suse_linux_enterprise_software_development_kit	11.0:sp4
novell	suse_linux_enterprise_software_development_kit	12.0
novell	suse_linux_enterprise_software_development_kit	12.0:sp1
novell	suse_linux_enterprise_server	11.0:sp2
novell	suse_linux_enterprise_server	11.0:sp3
novell	suse_linux_enterprise_server	11.0:sp4
novell	suse_linux_enterprise_server	12.0
novell	suse_linux_enterprise_server	12.0:sp1
novell	suse_manager	2.1
novell	suse_manager_proxy	2.1
ibm	java_sdk	6.0.0.0 ≤ 𝑥 < 6.0.16.25
ibm	java_sdk	6.1.0.0 ≤ 𝑥 < 6.1.8.25
ibm	java_sdk	7.0.0.0 ≤ 𝑥 < 7.0.9.40
ibm	java_sdk	7.1.0.0 ≤ 𝑥 < 7.1.3.40
ibm	java_sdk	8.0.0.0 ≤ 𝑥 < 8.0.3.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://rhn.redhat.com/errata/RHSA-2016-0716.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://seclists.org/fulldisclosure/2016/Apr/20

http://seclists.org/fulldisclosure/2016/Apr/3

http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172

http://www-01.ibm.com/support/docview.wss?uid=swg21980826

http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf

http://www.securityfocus.com/bid/85895

http://www.securitytracker.com/id/1035953

https://access.redhat.com/errata/RHSA-2016:1430

https://access.redhat.com/errata/RHSA-2017:1216

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00039.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00042.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00058.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00002.html

http://rhn.redhat.com/errata/RHSA-2016-0701.html

http://rhn.redhat.com/errata/RHSA-2016-0702.html

http://rhn.redhat.com/errata/RHSA-2016-0708.html

http://rhn.redhat.com/errata/RHSA-2016-0716.html

http://rhn.redhat.com/errata/RHSA-2016-1039.html

http://seclists.org/fulldisclosure/2016/Apr/20

http://seclists.org/fulldisclosure/2016/Apr/3

http://www-01.ibm.com/support/docview.wss?uid=swg1IX90172

http://www-01.ibm.com/support/docview.wss?uid=swg21980826

http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf

http://www.securityfocus.com/bid/85895

http://www.securitytracker.com/id/1035953

https://access.redhat.com/errata/RHSA-2016:1430

https://access.redhat.com/errata/RHSA-2017:1216