SecurityTracker.com
Category:   Application (Generic)  >   Java Runtime Environment (JRE)
Vendors:   Oracle, Sun
Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service
SecurityTracker Alert ID:  1023774
SecurityTracker URL:  http://securitytracker.com/id/1023774
CVE Reference:   CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0087, CVE-2010-0088, CVE-2010-0089, CVE-2010-0090, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0839, CVE-2010-0840, CVE-2010-0841, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844, CVE-2010-0845, CVE-2010-0846, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850
Date:  Mar 31 2010
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to JDK and JRE 6 Update 19
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can affect the confidentiality, integrity, and availability of the target system.

A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will access or modify data on the target user's system or cause denial of service conditions on the target user's system.

Some of these vulnerabilities can be exploited by passing untrusted data to the affected component using an API, without the need for a Java Web Start application or Java applet.

The HotSpot Server [CVE-2010-0082, CVE-2010-0845], Java Runtime Environment (JRE) [CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0840], Java Web Start [CVE-2010-0087, CVE-2010-0089, CVE-2010-0090], Java Plug-in [CVE-2010-0087, CVE-2010-0089, CVE-2010-0090], Pack200 [CVE-2010-0837], Java 2D [CVE-2010-0838, CVE-2010-0847, CVE-2010-0848, CVE-2010-0849, CVE-2010-0850], Sound [CVE-2010-0839, CVE-2010-0842, CVE-2010-0843, CVE-2010-0844], and ImageIO [CVE-2010-0841, CVE-2010-0846] components are affected.

The following researchers reported these vulnerabilities:

Dyon Balding of Secunia Research; Steve Dispensa of PhoneFactor; Stephen Fewer of iDefense; Brian Graversen of Signaturgruppen; Sami Koivu of TippingPoint's Zero Day Initiative; Alexandre Pelletier of VUPEN Security; Marsh Ray of PhoneFactor; Regenrecht of iDefense, Regenrecht of TippingPoint's Zero Day Initiative; Sebastian Renaud of VUPEN Security; Marc Schoenefeld of Red Hat; and Peter Vreugendhil of TippingPoint's Zero Day Initiative.

Impact:   A remote user can access and modify data on the target user's system.

A remote user can cause denial of service conditions on the target user's system.

Solution:   The vendor has issued a fix (JDK and JRE 6 Update 19).

The vendor's advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html

Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 1 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for java-1.5.0-sun for Red Hat Enterprise Linux 4 and 5.
Apr 1 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat issues fix for java-1.6.0-sun for Red Hat Enterprise Linux 4 and 5.
Apr 1 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5.
Apr 29 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 4 and 5.
May 20 2010 (Apple Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (Apple Product Security <product-security-noreply@lists.apple.com>)
Apple has issued a fix for Java for Mac OS X 10.6.3.
Jun 15 2010 (Red Hat Issues Fix for Red Hat Network Satellite Server) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Network Satellite Server.
Jun 18 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 4 and 5.
Jul 29 2010 (Red Hat Issues Fix) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (bugzilla@redhat.com)
Red Hat has issued a fix for java-1.4.2-ibm for Red Hat Enterprise Linux 3, 4, and 5.
Feb 11 2011 (VMware Issues Fix for ESX) Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data and Deny Service   (VMware Security Announcements <security-announce@lists.vmware.com>)
VMware has issued a fix.



 Source Message Contents

Date:  Tue, 30 Mar 2010 21:58:35 +0000
Subject:  Oracle Java SE and Oracle Java for Business


CVE-2010-0082   HotSpot Server
CVE-2010-0084   Java Runtime Environment
CVE-2010-0085   Java Runtime Environment
CVE-2010-0087   Java Web Start, Java Plug-in
CVE-2010-0088   Java Runtime Environment
CVE-2010-0089   Java Web Start, Java Plug-in
CVE-2010-0090   Java Web Start, Java Plug-in
CVE-2010-0091   Java Runtime Environment
CVE-2010-0092   Java Runtime Environment
CVE-2010-0093   Java Runtime Environment
CVE-2010-0094   Java Runtime Environment
CVE-2010-0095   Java Runtime Environment
CVE-2010-0837   Pack200
CVE-2010-0838   Java 2D
CVE-2010-0839   Sound
CVE-2010-0840   Java Runtime Environment
CVE-2010-0841   ImageIO
CVE-2010-0842   Sound
CVE-2010-0843   Sound
CVE-2010-0844   Sound
CVE-2010-0845   HotSpot Server
CVE-2010-0846   ImageIO
CVE-2010-0847   Java 2D
CVE-2010-0848   Java 2D
CVE-2010-0849   Java 2D
CVE-2010-0850   Java 2D







 
 


Copyright 2013, SecurityGlobal.net LLC