CVE-2009-3871 – Sun Java Runtime AWT setBytePixels Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3871
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358. Desbordamiento de búfer basado en memoria dinámica en la función setBytePixels en Abstract Window Toolkit (AWT) en Java Runtime Environment (JRE) en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de argumentos manipulados, también conocido como Id 6872358. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of arguments to the setBytePixels AWT library function. Due to the lack of bounds checking on the parameters to the function a user controllable memcpy can result in a heap overflow. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3874 – Sun Java Runtime Environment JPEGImageReader Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2009-3874
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643. Desbordamiento de entero en la implementacion JPEGImageReader en el componente ImageI/O en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE 6 anteriores a Update 17, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos ejecutar arbitrariamente código a través de submuestra de dimensión larga en un archivo JPEG que lanza un desbordamiento de búfer basado en memoria dinámica, también conocido como Id 6874643. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun's Java Runtime Environment. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the processing of JPEG image dimensions. When specifying large values to the dimensions of a subsample an integer overflow occurs leading to memory corruption. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://marc.info/?l=bugtraq&m=134254866602253&w=2 http://secunia.com/advisories/37231 http://secunia.co • CWE-189: Numeric Errors •
CVE-2009-3519
https://notcve.org/view.php?id=CVE-2009-3519
Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and (4) M_SIG STREAMS messages. Múltiples fugas de memoria en el módulo IP en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anterior snv_109, permite a usuarios locales causar una denegación de servicio (consumo de memoria) a través de vectores relacionados con (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, y (4) mensajes M_SIG STREAMS. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-122300-44-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-263388-1 http://www.securityfocus.com/bid/36562 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2009-3183
https://notcve.org/view.php?id=CVE-2009-3183
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en w en Sun Solaris 8 hasta 10, y OpenSolaris anterior a snv_124, permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://osvdb.org/58110 http://sunsolve.sun.com/search/document.do?assetkey=1-21-113718-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266348-1 http://unsecurityresearch.blogspot.com/2009/02/advisories-published.html https://exchange.xforce.ibmcloud.com/vulnerabilities/53188 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-3100
https://notcve.org/view.php?id=CVE-2009-3100
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. xscreensaver (también conocido como Gnome-XScreenSaver) en Sun Solaris v9 y v10, OpenSolaris snv_109 hasta snv_122, y X11 v6.4.1 en Solaris 8 no maneja apropiadamente el soporte Accesibilidad, lo que permite a los usuarios locales causar una denegación de servicio (parada del sistema) cerrando la pantalla y logrando lanzar una venta emergente de Accesibilidad, relativa a una regresión en ciertos parches Solaris y OpenSolaris. • http://bugs.opensolaris.org/view_bug.do?bug_id=6839026 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266469-1 •