NASLDB: USN-1010-1 : openjdk-6, openjdk-6b18 vulnerabilities
General
ID: 50410
Name: USN-1010-1 : openjdk-6, openjdk-6b18 vulnerabilities
Summary: Checks dpkg output for updated package(s)
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: Ubuntu Local Security Checks
Type: Local
Description
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3
protocols. If an attacker could perform a man in the middle attack at
the start of a TLS connection, the attacker could inject arbitrary
content at the beginning of the user’s session. USN-923-1 disabled
SSL/TLS renegotiation by default; this update implements the TLS
Renegotiation Indication Extension as defined in RFC 5746, and thus
supports secure renegotiation between updated clients and servers.
(CVE-2009-3555)
It was discovered that the HttpURLConnection class did not validate
request headers set by Java applets, which could allow an attacker to
trigger actions otherwise not allowed to HTTP clients.
(CVE-2010-3541)
It was discovered that JNDI could leak information that would allow
an attacker to access information about otherwise-protected
internal network names. (CVE-2010-3548)
It was discovered that HttpURLConnection improperly handled the
‘chunked’ transfer encoding method, which could allow attackers to
conduct HTTP response splitting attacks. (CVE-2010-3549)
It was discovered that the NetworkInterface class improperly checked
the network ‘connect’ permissions for local network addresses. This
could allow an attacker to read local network addresses.
(CVE-2010-3551)
It was discovered that UIDefaults.ProxyLazyValue had unsafe reflection
usage, allowing an attacker to create objects. (CVE-2010-3553)
It was discovered that multiple flaws in the CORBA reflection
implementation could allow an attacker to execute arbitrary code by
misusing permissions granted to certain system objects.
(CVE-2010-3554)
It was discovered that unspecified flaws in the Swing library could
allow untrusted applications to modify the behavior and state of
certain JDK classes. (CVE-2010-3557)
It was discovered that the privileged accept method of the
ServerSocket class in the CORBA implementation allowed it to receive
connections from any host, instead of just the host of the current
connection. An attacker could use this flaw to bypass restrictions
defined by network permissions. (CVE-2010-3561)
It was discovered that there exists a double free in Java’s
IndexColorModel that could allow an attacker to cause an applet or
application to crash, or possibly execute arbitrary code with the
privilege of the user running the Java applet or application.
(CVE-2010-3562)
It was discovered that the Kerberos implementation improperly checked
AP-REQ requests, which could allow an attacker to cause a denial of
service against the receiving JVM. (CVE-2010-3564)
It was discovered that improper checks of unspecified image metadata
in JPEGImageWriter.writeImage of the imageio API could allow an
attacker to execute arbitrary code with the privileges of the user
running a Java applet or application. (CVE-2010-3565)
It was discovered that an unspecified vulnerability in the ICC
profile handling code could allow an attacker to execute arbitrary
code with the privileges of the user running a Java applet or
application. (CVE-2010-3566)
It was discovered that a miscalculation in the OpenType font
rendering implementation would allow out-of-bounds memory access.
This could allow an attacker to execute arbitrary code with the
privileges of the user running a Java application. (CVE-2010-3567)
It was discovered that an unspecified race condition in the way
objects were deserialized could allow an attacker to cause an applet
or application to misuse the privileges of the user running the Java
applet or application. (CVE-2010-3568)
It was discovered that the defaultReadObject of the Serialization API
could be tricked into setting a volatile field multiple times. This
could allow an attacker to execute arbitrary code with the privileges
of the user running a Java applet or application. (CVE-2010-3569)
It was discovered that the HttpURLConnection class did not validate
request headers set by Java applets, which could allow an attacker to
trigger actions otherwise not allowed to HTTP clients.
(CVE-2010-3573)
It was discovered that the HttpURLConnection class improperly checked
whether the calling code was granted the ‘allowHttpTrace’ permission,
allowing an attacker to create HTTP TRACE requests. (CVE-2010-3574)
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2009-3555
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2010/10/28
Plugin Release: 2010/10/29
Plugin
Version: 1.5
Filename: ubuntu_USN-1010-1.nasl
Filesize: 9036 bytes
MD5 Hash: 02bf03439ad1af7b5e73d78444d9f00f
Identification: Host/local_checks_enabled
Require Keys: "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: –