Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2008-3111
Last Modified: 29 Oct 2012 11:13:33
Published: 09 Jul 2008 07:41:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

Summary

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

Vulnerable Systems

Application

  • Sun Jdk 5.0

  • Sun Jdk 6

  • Sun Jre 1.4

  • Sun Jre 1.4.2

  • Sun Jre 1.4.2 01

  • Sun Jre 1.4.2 02

  • Sun Jre 1.4.2 03

  • Sun Jre 1.4.2 04

  • Sun Jre 1.4.2 05

  • Sun Jre 1.4.2 06

  • Sun Jre 1.4.2 07

  • Sun Jre 1.4.2 16

  • Sun Jre 1.4.2 17

  • Sun Jre 5.0

  • Sun Jre 6

  • Sun Sdk 1.4

  • Sun Sdk 1.4.2

  • Sun Sdk 1.4.2 01

  • Sun Sdk 1.4.2 02

  • Sun Sdk 1.4.2 03

  • Sun Sdk 1.4.2 04

  • Sun Sdk 1.4.2 05

  • Sun Sdk 1.4.2 06

  • Sun Sdk 1.4.2 07

  • Sun Sdk 1.4.2 08

  • Sun Sdk 1.4.2 09

  • Sun Sdk 1.4.2 10

  • Sun Sdk 1.4.2 11

  • Sun Sdk 1.4.2 12

  • Sun Sdk 1.4.2 13

  • Sun Sdk 1.4.2 14

  • Sun Sdk 1.4.2 15

  • Sun Sdk 1.4.2 16

  • Sun Sdk 1.4.2 17


References

CERT - TA08-193A

SUNALERT - 238905

XF - sun-javawebstart-unspecified-bo(43664)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-043/

VUPEN - ADV-2008-2740

VUPEN - ADV-2008-2056

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0016.html

SECTRACK - 1020452

BID - 30148

BUGTRAQ - 20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues

BUGTRAQ - 20080717 ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow

REDHAT - RHSA-2008:0790

REDHAT - RHSA-2008:0595

CONFIRM - http://support.apple.com/kb/HT3179

CONFIRM - http://support.apple.com/kb/HT3178

GENTOO - GLSA-200911-02

SECUNIA - 37386

SECUNIA - 32180

SECUNIA - 32179

SECUNIA - 32018

SECUNIA - 31600

SECUNIA - 31497

SECUNIA - 31320

SECUNIA - 31055

SECUNIA - 31010

SUSE - SUSE-SA:2008:045

SUSE - SUSE-SA:2008:043

SUSE - SUSE-SA:2008:042

APPLE - APPLE-SA-2008-09-24

SECUNIA - 31736

Related Patches

Apple 2008-09-24 Java for Mac OS X 10.4 Release 7

Novell SUSE 2008:5431 java-1_4_2-sun security update for SLE 10 i586


Last Updated: 27 May 2016 10:47:14