ID CVE-2007-0243
Summary Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
References
Vulnerable Configurations
  • Sun JDK 5.0 Update3
    cpe:2.3:a:sun:jdk:1.5.0:update3
  • Sun JDK 5.0 Update4
    cpe:2.3:a:sun:jdk:1.5.0:update4
  • Sun JDK 5.0 Update5
    cpe:2.3:a:sun:jdk:1.5.0:update5
  • Sun JDK 5.0 Update7
    cpe:2.3:a:sun:jdk:1.5.0:update7
  • Sun JDK 5.0 Update8
    cpe:2.3:a:sun:jdk:1.5.0:update8
  • Sun JDK 5.0 Update9
    cpe:2.3:a:sun:jdk:1.5.0:update9
  • Sun JRE 1.3.1_16
    cpe:2.3:a:sun:jre:1.3.1:update16
  • Sun JRE 1.3.1_18
    cpe:2.3:a:sun:jre:1.3.1:update18
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
    cpe:2.3:a:sun:jre:1.5.0:update3
  • Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
    cpe:2.3:a:sun:jre:1.5.0:update4
  • Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
    cpe:2.3:a:sun:jre:1.5.0:update5
  • Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
    cpe:2.3:a:sun:jre:1.5.0:update6
  • Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
    cpe:2.3:a:sun:jre:1.5.0:update7
  • Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
    cpe:2.3:a:sun:jre:1.5.0:update8
  • Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
    cpe:2.3:a:sun:jre:1.5.0:update9
  • Sun SDK 1.3.1_01
    cpe:2.3:a:sun:sdk:1.3.1_01
  • Sun SDK 1.3.1_01a
    cpe:2.3:a:sun:sdk:1.3.1_01a
  • Sun SDK 1.3.1_16
    cpe:2.3:a:sun:sdk:1.3.1_16
  • Sun SDK 1.3.1_18
    cpe:2.3:a:sun:sdk:1.3.1_18
  • SDK 1.4.2
    cpe:2.3:a:sun:sdk:1.4.2
  • SDK 1.4.2_03
    cpe:2.3:a:sun:sdk:1.4.2_03
  • Sun SDK 1.4.2_08
    cpe:2.3:a:sun:sdk:1.4.2_08
  • Sun SDK 1.4.2_09
    cpe:2.3:a:sun:sdk:1.4.2_09
  • Sun SDK 1.4.2_10
    cpe:2.3:a:sun:sdk:1.4.2_10
  • Sun SDK 1.4.2_12
    cpe:2.3:a:sun:sdk:1.4.2_12
CVSS
Base: 6.8 (as of 18-01-2007 - 09:13)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Misc.
    NASL id SUN_JAVA_JRE_102760_UNIX.NASL
    description According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, say by visiting a malicious website, the attacker may be able to leverage this flaw to execute arbitrary code on the affected system subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 64819
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64819
    title Sun Java JRE GIF Image Handling Buffer Overflow (102760) (Unix)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0167.NASL
    description java-1.5.0-ibm packages that correct a security issue are available for Red Hat Enterprise Linux 5 Supplementary and Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw in GIF image handling was found in the SUN Java Runtime Environment that has now been reported as also affecting IBM Java 2. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code. (CVE-2007-0243) This update also resolves the following issues : * The java-1.5.0-ibm-plugin sub-package conflicted with the new java-1.5.0-sun-plugin sub-package. * The java-1.5.0-ibm-plugin package had incorrect dependencies. The java-1.5.0-ibm-alsa package has been merged into the java-1.5.0-ibm package to resolve this issue. All users of java-ibm-1.5.0 should upgrade to these packages, which contain IBM's 1.5.0 SR4 Java release which resolves these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 40703
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40703
    title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0167)
  • NASL family Windows
    NASL id SUN_JAVA_JRE_102760.NASL
    description According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, say by visiting a malicious website, he may be able to leverage this flaw to execute arbitrary code on the affected system subject to the user's privileges.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 24022
    published 2007-01-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24022
    title Sun Java JRE GIF Image Handling Buffer Overflow (102760)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-3851.NASL
    description The IBM Java JRE/SDK has been brought to release 1.4.2 SR containing several bugfixes, including following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 29469
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29469
    title SuSE 10 Security Update : IBM Java (ZYPP Patch Number 3851)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0956.NASL
    description Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the BEA Java Runtime Environment GIF image handling. If an application processes untrusted GIF image input, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-0243) A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the 'appletviewer' application. (CVE-2007-3005) A cross site scripting (XSS) flaw was found in the Javadoc tool. An attacker could inject arbitrary content into a Javadoc generated HTML documentation page, possibly tricking a user or stealing sensitive information. (CVE-2007-3503) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381) All users of java-bea-1.5.0 should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_11 release that resolves these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 40708
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40708
    title RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200702-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-200702-07 (Sun JDK/JRE: Execution of arbitrary code) A anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. Impact : An attacker could entice a user to run a specially crafted Java applet or application that would load a crafted GIF image, which could result in escalation of privileges and unauthorized access to system resources. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 24368
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24368
    title GLSA-200702-07 : Sun JDK/JRE: Execution of arbitrary code
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0166.NASL
    description Updated java-1.4.2-ibm packages to correct a security issue are now available for Red Hat Enterprise Linux 3 and 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.4.2 SR8 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A flaw in GIF image handling was found in the SUN Java Runtime Environment that has now been reported as also affecting IBM Java 2. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code. (CVE-2007-0243) All users of java-1.4.2-ibm should upgrade to these updated packages, which contain IBM's 1.4.2 SR8 Java release which resolves this issue.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 40702
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40702
    title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2007:0166)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200702-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200702-08 (AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities) Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Additionally, a memory corruption error has been found in the handling of GIF images with zero width field blocks. Impact : An attacker could entice a user to run a specially crafted Java applet or application that could read, write, or execute local files with the privileges of the user running the JVM, access data maintained in other Java applets, or escalate the privileges of the currently running Java applet or application allowing for unauthorized access to system resources. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 24369
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24369
    title GLSA-200702-08 : AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0072.NASL
    description IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. Vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these vulnerabilities to access data from other applets. (CVE-2006-6736, CVE-2006-6737) Buffer overflow vulnerabilities were discovered in the Java Runtime Environment. An untrusted applet could use these flaws to elevate its privileges, possibly reading and writing local files or executing local applications. (CVE-2006-6731) Daniel Bleichenbacher discovered an attack on PKCS #1 v1.5 signatures. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. (CVE-2006-4339) All users of IBMJava2 should upgrade to these updated packages, which contain IBM's 1.3.1 SR10a Java release which resolves these issues. Please note that the packages in this erratum are the same as those we released on January 24th 2007 with advisories RHBA-2007:0023 and RHEA-2007:0024. We have issued this security update as these previous advisories did not specify that they fixed critical security issues. If you have already updated to those versions of IBMJava you will not need to apply this update.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 24320
    published 2007-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24320
    title RHEL 2.1 : IBMJava2 (RHSA-2007:0072)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-SUN-3832.NASL
    description The Sun JAVA JDK 1.5.0 was upgraded to release 12 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 27280
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27280
    title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-3832)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-SUN-3844.NASL
    description The Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : - Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. (CVE-2007-2788 / CVE-2007-3004) - The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. (CVE-2007-2789 / CVE-2007-3005) - Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. (CVE-2007-0243)
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 29472
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29472
    title SuSE 10 Security Update : Java (ZYPP Patch Number 3844)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-3891.NASL
    description The IBM Java JRE/SDK has been brought to release 1.4.2 SR8, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the Java(TM) Runtime Environment may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-0243) - Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet to access data in other applets. (CVE-2006-6737 / CVE-2006-6736) - Two vulnerabilities in the Java(TM) Runtime Environment with serialization may independently allow an untrusted applet or application to elevate its privileges. (CVE-2006-6745)
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 29474
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29474
    title SuSE 10 Security Update : Java (ZYPP Patch Number 3891)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-SUN-3843.NASL
    description The Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 27276
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27276
    title openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-3843)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_REL6.NASL
    description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's KeyChain. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 29702
    published 2007-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29702
    title Mac OS X : Java for Mac OS X 10.4 Release 6
oval via4
accepted 2010-09-06T04:07:56.133-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
description Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
family unix
id oval:org.mitre.oval:def:11073
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
version 7
redhat via4
advisories
  • rhsa
    id RHSA-2007:0166
  • rhsa
    id RHSA-2007:0167
  • rhsa
    id RHSA-2007:0956
  • rhsa
    id RHSA-2008:0261
refmap via4
apple APPLE-SA-2007-12-14
bea BEA07-172.00
bid 22085
bugtraq
  • 20070117 ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
  • 20070121 Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability Prove Of Concept Exploit
cert TA07-022A
cert-vn VU#388289
confirm
gentoo
  • GLSA-200702-07
  • GLSA-200702-08
hp
  • HPSBUX02196
  • SSRT071318
misc
osvdb 32834
sectrack 1017520
secunia
  • 23757
  • 24189
  • 24202
  • 24468
  • 24993
  • 25283
  • 26049
  • 26119
  • 26645
  • 27203
  • 28115
sreason 2158
sunalert 102760
suse SUSE-SA:2007:045
vupen
  • ADV-2007-0211
  • ADV-2007-0936
  • ADV-2007-1814
  • ADV-2007-4224
xf jre-gif-bo(31537)
Last major update 07-03-2011 - 21:49
Published 17-01-2007 - 17:28
Last modified 30-10-2018 - 12:26
Back to Top