Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)

critical Nessus Plugin ID 64828
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Unix host contains a runtime environment that is affected by multiple vulnerabilities.

Description

The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :

- The JRE creates temporary files with insufficiently random names. (244986)

- There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.
(244987)

- It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.

- There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)

- The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)

- A buffer overflow may allow an untrusted Java application that is launched through the command line to elevate its privileges. (244990)

- A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to elevate its privileges. (244991)

- A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to elevate its privileges with unpacking applets and Java Web Start applications. (244992)

- The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)

- An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)

- A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)

- A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)

- Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to elevate privileges.
(246366)

- An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.
(246386)

- The JRE allows code loaded from the local filesystem to access localhost. (246387)

Solution

Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary, any affected versions.

See Also

https://download.oracle.com/sunalerts/1019736.1.html

https://download.oracle.com/sunalerts/1019737.1.html

https://download.oracle.com/sunalerts/1019738.1.html

https://download.oracle.com/sunalerts/1019739.1.html

https://download.oracle.com/sunalerts/1019740.1.html

https://download.oracle.com/sunalerts/1019741.1.html

https://download.oracle.com/sunalerts/1019742.1.html

https://download.oracle.com/sunalerts/1019759.1.html

https://download.oracle.com/sunalerts/1019793.1.html

https://download.oracle.com/sunalerts/1019794.1.html

https://download.oracle.com/sunalerts/1019797.1.html

https://download.oracle.com/sunalerts/1019798.1.html

https://download.oracle.com/sunalerts/1019799.1.html

https://download.oracle.com/sunalerts/1019800.1.html

https://www.oracle.com/technetwork/java/javase/6u11-139394.html

https://www.oracle.com/technetwork/java/index.html

Plugin Details

Severity: Critical

ID: 64828

File Name: sun_java_jre_244986_unix.nasl

Version: 1.14

Type: local

Agent: unix

Family: Misc.

Published: 2/22/2013

Updated: 10/25/2021

Dependencies: sun_java_jre_installed_unix.nasl

Risk Information

CVSS Score Source: CVE-2008-5355

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: Host/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/3/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Calendar Deserialization Privilege Escalation)

Elliot (Apache Tomcat File Disclosure)

Reference Information

CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360

BID: 30633, 32608, 32620, 32892

CWE: 94, 119, 189, 200, 264, 287