CVE-2009-1093 – OpenJDK remote LDAP Denial-Of-Service (6717680)
https://notcve.org/view.php?id=CVE-2009-1093
LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). LdapCtx en el servicio LDAP en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 actualización 17 y anteriores; 6 actualización 12 y anteriores; SDK y JRE v1.3.1_24 y anteriores; y v1.4.2_19 y anteriores no cierran la conexión cuando la inicialización falla, lo que permite a los atacantes remotos causar una denegación de servicio (cuelgue del servicio LDAP ). • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34489 http://secunia.co • CWE-16: Configuration •
CVE-2009-1094 – OpenJDK LDAP client remote code execution (6737315)
https://notcve.org/view.php?id=CVE-2009-1094
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. Vulnerabilidad no especificada en la implementación LDAP de Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores, v6 Update 12 y anteriores, SDK y JRE v1.3.1_24 y anteriores, y v1.4.2_19 y anteriores; permite a servidores LDAP remotos ejecutar código de su elección a través de vectores desconocidos relacionados con los datos en serie. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34489 http://secunia.co •
CVE-2009-1098 – OpenJDK GIF processing buffer overflow vulnerability (6804998)
https://notcve.org/view.php?id=CVE-2009-1098
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998. Desbordamiento del búfer en Java SE Development Kit (JDK) y Java Runtime Environment (JRE) v5.0 Update 17 y anteriores; v6 Update 12 y anteriores; v1.4.2_19 y anteriores; y 1.3.1_24 y anteriores, permite a atacantes remotos acceder a ficheros o ejecutar código de su elección a través de una imagen GIF manipulada. También se conoce como CR 6804998. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html http://marc.info/?l=bugtraq&m=124344236532162&w=2 http://secunia.com/advisories/34489 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-5355
https://notcve.org/view.php?id=CVE-2008-5355
The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. La funcionalidad de actualización de Java en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores no verifica la firma del JRE que descarga, permitiendo a atacantes remotos ejecutar código de su elección mediante ataques DNS de man-in-the-middle (hombre en medio). • http://osvdb.org/50498 http://secunia.com/advisories/37386 http://security.gentoo.org/glsa/glsa-200911-02.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-244989-1 http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid= http://www.securitytracker.com/id?1021315 http://www.us-cert.gov/cas/techalerts/TA08-340A.html http://www.vupen.com/english/advisories/2008/3339 http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-0 • CWE-287: Improper Authentication •
CVE-2008-5348 – OpenJDK Denial-Of-Service in kerberos authentication (6588160)
https://notcve.org/view.php?id=CVE-2008-5348
Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. Vulnerabilidad no especificada en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y SDK y JRE v1.4.2_18 y anteriores, cuando usan la autenticación Kerberos, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos del sistema operativo) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://osvdb.org/50505 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rh •