SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1028071
SecurityTracker URL:  http://securitytracker.com/id/1028071
CVE Reference:   CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0430, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0436, CVE-2013-0437, CVE-2013-0438, CVE-2013-0439, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446, CVE-2013-0447, CVE-2013-0448, CVE-2013-0449, CVE-2013-0450, CVE-2013-1472, CVE-2013-1473, CVE-2013-1474, CVE-2013-1475, CVE-2013-1476, CVE-2013-1477, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1482, CVE-2013-1483, CVE-2013-1489   (Links to External Site)
Date:  Feb 1 2013
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0 Update 38 and prior; 6 Update 38 and prior; 7 Update 11 and prior
Description:   Multiple vulnerabilities were reported in Oracle Java. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A remote user can cause denial of service conditions.

A remote user can create a specially crafted Java Web Start application or Java applet that, when loaded by the target user, will execute arbitrary code on the target system [CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-3342, CVE-2012-4301, CVE-2012-4305, CVE-2013-0419, CVE-2013-0423, CVE-2013-0425, CVE-2013-0426, CVE-2013-0428, CVE-2013-0429, CVE-2013-0436, CVE-2013-0437, CVE-2013-0439, CVE-2013-0441, CVE-2013-0442, CVE-2013-0444, CVE-2013-0445, CVE-2013-0446,
CVE-2013-0447, CVE-2013-0450, CVE-2013-1472, CVE-2013-1474, CVE-2013-1475, CVE-2013-1476, CVE-2013-1477, CVE-2013-1478, CVE-2013-1479, CVE-2013-1480, CVE-2013-1481, CVE-2013-1482, CVE-2013-1483].

A local user can exploit a flaw in the Install component to execute arbitrary code on the target system with elevated privileges [CVE-2013-0430].

A remote user can exploit a flaw in the Deployment component to partially access and modify data and cause partial denial of service conditions [CVE-2013-0351].

A remote user can partially access and modify data. The AWT [CVE-2013-0432] and JSSE [CVE-2013-0443] components are affected.

A remote user can partially access data. The AWT [CVE-2013-0449], JAX-WS [CVE-2013-0435], JAXP [CVE-2013-0434], JMX [CVE-2013-0409, CVE-2013-0431], and Deployment [CVE-2013-0438] components are affected.

A remote user can partially modify data. The AWT [CVE-2013-1473], Libraries [CVE-2013-0427, CVE-2013-0448], Networking [CVE-2013-0433], and RMI [CVE-2013-0424] components are affected.

A remote user can cause partial denial of service conditions. The JSSE component [CVE-2013-0440] is affected.

The following researchers reported these vulnerabilities:

Adam Gowdiak of Security Explorations; Aniway.Anyway via TippingPoint; Chris Ries via TippingPoint; David Hoyt; David Thiel of Information Security Partners (iSEC); iDefense; James Forshaw (tyranid) via TippingPoint; Jeroen Frijters; Mark Yason of
the IBM X-Force; Tomas Hoger of Red Hat; Vitaliy Toropov via iDefense; and Vitaliy Toropov via TippingPoint.

Impact:   A remote user can create an application or applet that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A remote user can cause denial of service conditions on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Java SE Critical Patch Update Advisory for February 2013.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html

Vendor URL:  www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 2 2013 (Apple Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Apple has issued a fix for Mac OS X 10.6.
Feb 5 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 5 and 6.
Feb 5 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 5 and 6.
Feb 8 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 6.
Feb 8 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5.
Feb 8 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5 and 6.
Feb 19 2013 (Apple Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Apple has issued a fix for OS X.
Mar 11 2013 (Red Hat Issues Fix) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for java-1.5.0-ibm for Red Hat Enterprise Linux 5 and 6.
Apr 30 2013 (HP Issues Fix for HP Service Manager) Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
HP has issued a fix for HP Service Manager.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC