Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-3440
Last Modified: 10 Sep 2008 12:00:00
Published: 01 Aug 2008 10:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3440

Summary

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, do not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Vulnerable Systems

Application

  • Sun Java 1.6.0


References

MISC - http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

SECTRACK - 1020584

FULLDISC - 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations


Last Updated: 27 May 2016 10:48:12