CVE-2006-2426 - Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and

CVE-2006-2426

Summary

Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.

References

Vulnerable Configurations

cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.5.0_6:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.5.0_6:*:*:*:*:*:*:*

CVSS

Base:	6.4 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:P

oval via4

accepted

2013-04-29T04:07:04.537-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 5
oval oval:org.mitre.oval:def:11414
comment The operating system installed on the system is CentOS Linux 5.x
oval oval:org.mitre.oval:def:15802
comment Oracle Linux 5.x
oval oval:org.mitre.oval:def:15459

description

family

unix

oval:org.mitre.oval:def:10609

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa
id RHSA-2009:0377
rhsa
id RHSA-2009:0392
rhsa
id RHSA-2009:0394

rpms

java-1.6.0-openjdk-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-debuginfo-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-demo-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-devel-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-javadoc-1:1.6.0.0-0.30.b09.el5
java-1.6.0-openjdk-src-1:1.6.0.0-0.30.b09.el5
java-1.6.0-sun-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-demo-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-devel-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-jdbc-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-plugin-1:1.6.0.13-1jpp.1.el5
java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el4
java-1.6.0-sun-src-1:1.6.0.13-1jpp.1.el5
java-1.5.0-sun-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-demo-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-demo-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-devel-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-devel-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-jdbc-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-jdbc-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-plugin-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-plugin-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-src-0:1.5.0.18-1jpp.1.el4
java-1.5.0-sun-src-0:1.5.0.18-1jpp.1.el5
java-1.5.0-sun-0:1.5.0.22-1jpp.1.el4
java-1.5.0-sun-devel-0:1.5.0.22-1jpp.1.el4

refmap via4

bid	17981
bugtraq	20060514 JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space
confirm	http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
debian	DSA-1769
mandriva	MDVSA-2009:137 MDVSA-2009:162
misc	http://www.illegalaccess.org/exploit/FullDiskApplet.html
osvdb	25561
secunia	20132 20457 34489 34495 34496 34632 34675
sreason	909
suse	SUSE-SR:2006:012
ubuntu	USN-748-1
vupen	ADV-2006-1824
xf	sun-java-fontcreatefont-dos(26493)

Last major update

18-10-2018 - 16:39

Published

17-05-2006 - 10:06

Last modified

18-10-2018 - 16:39