The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
http://java.sun.com/javase/6/webnotes/6u15.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html
http://secunia.com/advisories/36162
http://secunia.com/advisories/36176
http://secunia.com/advisories/36180
http://secunia.com/advisories/37386
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
http://www.vupen.com/english/advisories/2009/2543
https://bugzilla.redhat.com/show_bug.cgi?id=513220
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10381
https://rhn.redhat.com/errata/RHSA-2009-1200.html
https://rhn.redhat.com/errata/RHSA-2009-1201.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html
cpe:2.3:a:sun:java_se:*:14:*:*:*:*:*:* versions up to 6 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
107921 | Solaris 10 (x86) : 125139-75 | Nessus | Solaris Local Security Checks | critical |
107920 | Solaris 10 (x86) : 125139-71 | Nessus | Solaris Local Security Checks | critical |
67905 | Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2009-1201) | Nessus | Oracle Linux Local Security Checks | critical |
60645 | Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
60633 | Scientific Linux Security Update : java-1.6.0-openjdk on SL5.3 i386/x86_64 | Nessus | Scientific Linux Local Security Checks | critical |
43774 | CentOS 5 : java-1.6.0-openjdk (CESA-2009:1201) | Nessus | CentOS Local Security Checks | critical |
42834 | GLSA-200911-02 : Sun JDK/JRE: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
41623 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330) | Nessus | SuSE Local Security Checks | critical |
41622 | openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-1330) | Nessus | SuSE Local Security Checks | critical |
40873 | Mac OS X : Java for Mac OS X 10.5 Update 5 | Nessus | MacOS X Local Security Checks | high |
40749 | RHEL 4 / 5 : java-1.6.0-sun (RHSA-2009:1200) | Nessus | Red Hat Local Security Checks | critical |
40694 | Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2009:209) | Nessus | Mandriva Local Security Checks | critical |
40547 | Ubuntu 8.10 / 9.04 : openjdk-6 vulnerabilities (USN-814-1) | Nessus | Ubuntu Local Security Checks | critical |
40515 | Fedora 10 : java-1.6.0-openjdk-1.6.0.0-20.b16.fc10 (2009-8337) | Nessus | Fedora Local Security Checks | critical |
40510 | RHEL 5 : java-1.6.0-openjdk (RHSA-2009:1201) | Nessus | Red Hat Local Security Checks | critical |
40507 | Fedora 11 : java-1.6.0-openjdk-1.6.0.0-27.b16.fc11 (2009-8329) | Nessus | Fedora Local Security Checks | critical |
27034 | Solaris 9 (x86) : 125139-97 | Nessus | Solaris Local Security Checks | critical |
27016 | Solaris 8 (x86) : 125139-97 | Nessus | Solaris Local Security Checks | critical |
26996 | Solaris 10 (x86) : 125139-97 (deprecated) | Nessus | Solaris Local Security Checks | critical |