CVE-2008-3111

HIGH

Description

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.

ID	Name	Product	Family	Severity
69874	Juniper NSM Servers Multiple Java JDK/JRE Vulnerabilities (PSN-2012-08-689)	Nessus	Misc.	critical
64833	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
64832	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
64817	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities (Unix)	Nessus	Misc.	critical
60440	Scientific Linux Security Update : java (jdk 1.5.0) on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
43841	RHEL 4 : Sun Java Runtime in Satellite Server (RHSA-2008:0636)	Nessus	Red Hat Local Security Checks	critical
42834	GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
41224	SuSE9 Security Update : Java2 (YOU Patch Number 12206)	Nessus	SuSE Local Security Checks	critical
40725	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0790)	Nessus	Red Hat Local Security Checks	critical
40723	RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0595)	Nessus	Red Hat Local Security Checks	critical
40383	VMSA-2008-0016 : VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues	Nessus	VMware ESX Local Security Checks	critical
40001	openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-97)	Nessus	SuSE Local Security Checks	critical
39996	openSUSE Security Update : java-1_5_0-sun (java-1_5_0-sun-96)	Nessus	SuSE Local Security Checks	critical
34291	Mac OS X : Java for Mac OS X 10.4 Release 7	Nessus	MacOS X Local Security Checks	high
34290	Mac OS X : Java for Mac OS X 10.5 Update 2	Nessus	MacOS X Local Security Checks	high
34200	SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591)	Nessus	SuSE Local Security Checks	critical
34072	SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 5557)	Nessus	SuSE Local Security Checks	critical
34038	openSUSE 10 Security Update : java-1_6_0-sun (java-1_6_0-sun-5435)	Nessus	SuSE Local Security Checks	critical
34037	openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-5434)	Nessus	SuSE Local Security Checks	critical
34036	SuSE 10 Security Update : Java 1.4.2 (ZYPP Patch Number 5431)	Nessus	SuSE Local Security Checks	critical
34035	openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-5430)	Nessus	SuSE Local Security Checks	critical
33488	Sun Java JDK/JRE 6 < Update 7 Multiple Vulnerabilities	Nessus	Windows	high
33487	Sun Java JDK/JRE 5 < Update 16 Multiple Vulnerabilities	Nessus	Windows	high
33486	Sun Java J2SE 1.4.2 < Update 18 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2008-3111

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

high

high

critical

critical

critical

critical

critical

critical

high

high

high