Sun Java JRE Multiple Vulnerabilities (244986 et al)

High Nessus Plugin ID 35030

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9.4

Synopsis

The remote Windows host contains a runtime environment that is affected by multiple vulnerabilities.

Description

The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :

- The JRE creates temporary files with insufficiently random names. (244986)

- There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.
(244987)

- It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.

- There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)

- The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)

- A buffer overflow may allow an untrusted Java application that is launched through the commandline to escalate its privileges. (244990)

- A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to escalate its privileges. (244991)

- A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to escalate its privileges with unpacking applets and Java Web Start applications. (244992)

- The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)

- An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)

- A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)

- A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)

- Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to escalate privileges. (246366)

- An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.
(246386)

- The JRE allows code loaded from the local filesystem to access localhost. (246387)

Solution

Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove if necessary any affected versions.

See Also

https://download.oracle.com/sunalerts/1019736.1.html

https://download.oracle.com/sunalerts/1019737.1.html

https://download.oracle.com/sunalerts/1019738.1.html

https://download.oracle.com/sunalerts/1019739.1.html

https://download.oracle.com/sunalerts/1019740.1.html

https://download.oracle.com/sunalerts/1019741.1.html

https://download.oracle.com/sunalerts/1019742.1.html

https://download.oracle.com/sunalerts/1019759.1.html

https://download.oracle.com/sunalerts/1019793.1.html

https://download.oracle.com/sunalerts/1019794.1.html

https://download.oracle.com/sunalerts/1019797.1.html

https://download.oracle.com/sunalerts/1019798.1.html

https://download.oracle.com/sunalerts/1019799.1.html

https://download.oracle.com/sunalerts/1019800.1.html

https://www.oracle.com/technetwork/java/javase/6u11-139394.html

https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html

https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html

Plugin Details

Severity: High

ID: 35030

File Name: sun_java_jre_244986.nasl

Version: 1.33

Type: local

Agent: windows

Family: Windows

Published: 2008/12/04

Updated: 2018/11/15

Dependencies: 33545

Risk Information

Risk Factor: High

VPR Score: 9.4

CVSS v2.0

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/12/03

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Calendar Deserialization Privilege Escalation)

Elliot (Apache Tomcat File Disclosure)

Reference Information

CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360

BID: 30633, 32608, 32620, 32892

CWE: 94, 119, 189, 200, 264, 287