[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

USN-814-1 -- openjdk-6 vulnerabilities

ID: oval:org.secpod.oval:def:700354Date: (C)2011-05-13   (M)2024-02-19
Class: PATCHFamily: unix




It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that certain variables could leak information. If a user were tricked into running a malicious Java applet, a remote attacker could exploit this gain access to private information and potentially run untrusted code. A flaw was discovered the OpenType checking. If a user were tricked into running a malicious Java applet, a remote attacker could bypass access restrictions. It was discovered that the XML processor did not correctly check recursion. If a user or automated system were tricked into processing a specially crafted XML, the system could crash, leading to a denial of service. It was discovered that the Java audio subsystem did not correctly validate certain parameters. If a user were tricked into running an untrusted applet, a remote attacker could read system properties. Multiple flaws were discovered in the proxy subsystem. If a user were tricked into running an untrusted applet, a remote attacker could discover local user names, obtain access to sensitive information, or bypass socket restrictions, leading to a loss of privacy. Flaws were discovered in the handling of JPEG images, Unpack200 archives, and JDK13Services. If a user were tricked into running an untrusted applet, a remote attacker could load a specially crafted file that would bypass local file access protections and run arbitrary code with user privileges

Platform:
Ubuntu 8.10
Ubuntu 9.04
Product:
openjdk-6
Reference:
USN-814-1
CVE-2009-2690
CVE-2009-2689
CVE-2009-2676
CVE-2009-2675
CVE-2009-2674
CVE-2009-2673
CVE-2009-2672
CVE-2009-2671
CVE-2009-2670
CVE-2009-2625
CVE-2009-2476
CVE-2009-2475
CVE-2009-1896
CVE-2009-0217
CVE    14
CVE-2009-0217
CVE-2009-2689
CVE-2009-2476
CVE-2009-2674
...
CPE    2
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© SecPod Technologies