ID CVE-2008-5352
Summary Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jdk:6:update_8:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_16:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:*:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:1.6.0:update_10:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_4:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_5:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_6:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_7:*:*:*:*:*:*
  • cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
    cpe:2.3:a:sun:jre:6:update_8:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 29-09-2017 - 01:32)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2010-01-11T04:01:37.418-05:00
class vulnerability
contributors
name Michael Wood
organization Hewlett-Packard
definition_extensions
comment VMware ESX Server 3.5.0 is installed
oval oval:org.mitre.oval:def:5887
description Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
family unix
id oval:org.mitre.oval:def:6383
status accepted
submitted 2009-09-23T15:39:02.000-04:00
title Sun Java Runtime Environment Buffer Overflow in unpack200 Utility Lets Remote Users Execute Arbitrary Code
version 4
redhat via4
advisories
  • rhsa
    id RHSA-2008:1018
  • rhsa
    id RHSA-2008:1025
  • rhsa
    id RHSA-2009:0015
  • rhsa
    id RHSA-2009:0016
  • rhsa
    id RHSA-2009:0466
rpms
  • java-1.6.0-sun-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-demo-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-demo-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-devel-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-devel-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-jdbc-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-jdbc-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-plugin-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-plugin-1:1.6.0.11-1jpp.1.el5
  • java-1.6.0-sun-src-1:1.6.0.11-1jpp.1.el4
  • java-1.6.0-sun-src-1:1.6.0.11-1jpp.1.el5
  • java-1.5.0-sun-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-demo-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-demo-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-devel-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-devel-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-jdbc-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-jdbc-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-plugin-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-plugin-0:1.5.0.17-1jpp.2.el5
  • java-1.5.0-sun-src-0:1.5.0.17-1jpp.2.el4
  • java-1.5.0-sun-src-0:1.5.0.17-1jpp.2.el5
  • java-1.6.0-ibm-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-accessibility-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-demo-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-devel-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-devel-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-javacomm-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-javacomm-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-jdbc-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-jdbc-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-plugin-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-plugin-1:1.6.0.3-1jpp.3.el4
  • java-1.6.0-ibm-src-1:1.6.0.3-1jpp.1.el5
  • java-1.6.0-ibm-src-1:1.6.0.3-1jpp.3.el4
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-accessibility-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-demo-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-javacomm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-jdbc-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-plugin-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-src-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-1:1.5.0.9-1jpp.4.el4
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.2.el5
  • java-1.5.0-ibm-devel-1:1.5.0.9-1jpp.4.el4
refmap via4
bid 32608
cert TA08-340A
confirm
gentoo GLSA-200911-02
idefense 20081204 Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability
osvdb 50501
sectrack 1021312
secunia
  • 32991
  • 33015
  • 33528
  • 33709
  • 33710
  • 34259
  • 34972
  • 37386
sunalert 244992
suse
  • SUSE-SA:2009:007
  • SUSE-SR:2009:006
vupen ADV-2008-3339
saint via4
bid 32608
description Java Runtime Environment JAR manifest Main Class buffer overflow
id web_client_jre,web_dev_jdk
osvdb 50499
title jre_manifest_main_class
type client
Last major update 29-09-2017 - 01:32
Published 05-12-2008 - 11:30
Last modified 29-09-2017 - 01:32
Back to Top