CVE-2008-5339 – Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-5339
Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079. Vulnerabilidad no especificada en Java Web Start (JWS) y Java Plug-in en Sun JDK y JRE v6 Update 10 y anteriores; JDK y JRE v5.0 Update 16 y anteriores; y en SDK y JRE v1.4.2_18 y anteriores permite que aplicaciones JWS no confiables realicen conexiones de red con sistemas no autorizados mediante vectores desconocidos. These vulnerabilities allow remote attackers to bypass sandbox restrictions on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The first vulnerability results in a cache location and a user name information disclosure. By accessing the SI_FILEDIR property of a SingleInstanceImpl class, the location of the temporary single instance files can be parsed to discover the user name and cache location. The second vulnerability allows applets to read any file on a victim's filesystem, outside of the restricted path of the applet. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-2008-1025.html http://secunia.com/advisories/32991 http://secunia.com •
CVE-2008-5359 – Sun Java AWT Library Sandbox Violation Vulnerability
https://notcve.org/view.php?id=CVE-2008-5359
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. Desbordamiento de búfer en Java Runtime Environment (JRE) en Sun JDK y JRE v6 Update 10 y anteriores; en JDK y JRE v5.0 Update 16 y anteriores; en SDK y JRE v1.4.2_18 y anteriores; y en SDK y JRE v1.3.1_23 y anteriores permite a atacantes remotos ejecutar código de su elección mediante vectores desconocidos relacionados con el "código de procesamiento de imágenes". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly leading to a heap-based overflow. • http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=123678756409861&w=2 http://marc.info/?l=bugtraq&m=126583436323697&w=2 http://rhn.redhat.com/errata/RHSA-2008-1018.html http://rhn.redhat.com/errata/RHSA-200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3112 – Sun Java Web Start Sandbox Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2008-3112
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909. Vulnerabilidad no especificada en Sun Java Web Start de JDK y JRE 6 versiones anteriores a Update 7, JDK y JRE 5.0 versiones anteriores a Update 16, y SDK y JRE 1.4.x versiones anteriores a 1.4.2_18 permite a atacantes remotos crear ficheros de su elección a través de una aplicación no confiable, también conocido como CR 6703909. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Web Start. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the writeManifest() method of the CacheEntry class. A directory traversal flaw in this method allows the creation of arbitrary files on the target system. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 h • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3106
https://notcve.org/view.php?id=CVE-2008-3106
Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1) application or (2) applet, a different vulnerability than CVE-2008-3105. Vulnerabilidad no especificada en Sun Java Runtime Environment (JRE), JDK y JRE 6 Update 6 y anteriores y JDK and JRE 5.0 Update 15 y anteriores permite a atacantes remotos acceder a URLs mediante vectores desconocidos que involucran el procesado de datos XML mediante (1) una aplicación o (2) un applet que no son de confianza, una vulnerabilidad distinta a CVE-2008-3105. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31320 http://secunia.com/advisories/31497 http://secunia.com/advisories/316 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-3110
https://notcve.org/view.php?id=CVE-2008-3110
Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows remote attackers to obtain sensitive information by using an applet to read information from another applet. Vulnerabilidad no especificada en lenguaje scripting de apoyo en Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 y versiones anteriores permite a atacantes remotos obtener información sensible utilizando un applet para leer información de otra applet. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html http://marc.info/?l=bugtraq&m=122331139823057&w=2 http://secunia.com/advisories/31010 http://secunia.com/advisories/31600 http://secunia.com/advisories/32018 http://secunia.com/advisories/32179 http://secunia.com/advisories/32180 http://secunia.com/advisories/32436 http://secunia.com/advisories/33238 http://secunia.com/advisories& • CWE-264: Permissions, Privileges, and Access Controls •