Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1096

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-1096
Last Modified 23 Mar 2012 12:00:00
Published 25 Mar 2009 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1096

Summary

Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.

Vulnerable Systems

Application

  • Sun Jdk 1.5.0

  • Sun Jdk 1.6.0

  • Sun Jdk 5.0

  • Sun Jdk 6

  • Sun Jre 1.5.0

  • Sun Jre 1.6.0

  • Sun Jre 5.0

  • Sun Jre 6


References

SUNALERT - 254570

MISC - http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1

REDHAT - RHSA-2009:1198

REDHAT - RHSA-2009:0377

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-1426

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-748-1

SECTRACK - 1021894

BID - 34240

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

REDHAT - RHSA-2009:1038

REDHAT - RHSA-2009:0394

REDHAT - RHSA-2009:0392

MANDRIVA - MDVSA-2009:162

MANDRIVA - MDVSA-2009:137

DEBIAN - DSA-1769

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

SUNALERT - 1020225

GENTOO - GLSA-200911-02

SECUNIA - 37460

SECUNIA - 37386

SECUNIA - 36185

SECUNIA - 35416

SECUNIA - 35255

SECUNIA - 35223

SECUNIA - 35156

SECUNIA - 34675

SECUNIA - 34632

SECUNIA - 34496

SECUNIA - 34495

SECUNIA - 34489

HP - HPSBUX02429

SUSE - SUSE-SA:2009:036

SUSE - SUSE-SR:2009:011

SUSE - SUSE-SA:2009:029

SUSE - SUSE-SA:2009:016

HP - HPSBMA02429

HP - SSRT090058

Related Patches

Apple 2009-06-15 Java for Mac OS X 10.4 Release 9

Apple 2009-06-15 Java for Mac OS X 10.5 Update 4


Last Updated: 27 May 2016 10:58:23