SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
SecurityTracker Alert ID:  1031035
SecurityTracker URL:  http://securitytracker.com/id/1031035
CVE Reference:   CVE-2014-0050, CVE-2014-2478, CVE-2014-4289, CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4294, CVE-2014-4295, CVE-2014-4296, CVE-2014-4297, CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-4301, CVE-2014-4310, CVE-2014-6452, CVE-2014-6453, CVE-2014-6454, CVE-2014-6455, CVE-2014-6467, CVE-2014-6483, CVE-2014-6537, CVE-2014-6538, CVE-2014-6542, CVE-2014-6544, CVE-2014-6545, CVE-2014-6546, CVE-2014-6547, CVE-2014-6560, CVE-2014-6563, CVE-2014-6513, CVE-2014-6532, CVE-2014-6503, CVE-2014-6456, CVE-2014-6562, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-4288, CVE-2014-6466, CVE-2014-6458, CVE-2014-6468, CVE-2014-6506, CVE-2014-6511, CVE-2014-6476, CVE-2014-6515, CVE-2014-6504, CVE-2014-6519, CVE-2014-6517, CVE-2014-6531, CVE-2014-6512, CVE-2014-6457, CVE-2014-6527, CVE-2014-6502, CVE-2014-6558
Updated:  Oct 15 2014
Original Entry Date:  Oct 15 2014
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle Java. A remote or local user can obtain elevated privileges on the target system. A remote user can partially access and modify data.

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to gain elevated privileges [CVE-2014-6513].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6532].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6503].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6456].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6562].

A remote user can exploit a flaw in the Java SE and JavaFX components to gain elevated privileges [CVE-2014-6485].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6492].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6493].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-4288].

A local user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6466].

A local user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6458].

A local user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6468].

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to partially access data, partially modify data, and partially deny service [CVE-2014-6506].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-6511].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-6476].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-6515].

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to partially access data [CVE-2014-6504].

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to partially modify data [CVE-2014-6519].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially access data [CVE-2014-6517].

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to partially access data [CVE-2014-6531].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially modify data [CVE-2014-6512].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially access and partially modify data [CVE-2014-6457].

A remote user can exploit a flaw in the Java SE component to partially modify data [CVE-2014-6527].

A remote user can exploit a flaw in the Java SE and Java SE Embedded components to partially modify data [CVE-2014-6502].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially modify data [CVE-2014-6558].

The following researchers reported these and other Oracle vulnerabilities:

0ang3el; Adam Gowdiak of Security Explorations; Adam Willard of Foreground Security; Alberto Garcia Illera of Salesforce.com; Alexey Tyurin of ERPScan; Dhanesh K.; Florian Weimer of Red Hat; Gleb Cherbov of ERPScan; Ilja van Sprundel of ioactive.com; Ivan Chalykin of ERPScan; Jakub Palaczynski; Khai Tran of Netspi; Laszlo Toth; Lupin LanYuShi; Meder Kydyraliev of Google; Nikita Kelesis of ERPScan; Recx; Richard Dalton; Sergey Gorbaty of Salesforce.com; Sloane Bernstein of cPanel; Stefan Nordhausen; Wolfgang Ettlinger of SEC Consult Vulnerability Lab; Yash Kadakia of Security Brigade; Yuki Chen of Qihoo working with HP's Zero Day Initiative; and Zubin Mithra.

Impact:   A remote or local user can obtain elevated privileges on the target system.

A remote user can partially access and modify data.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2014.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 15 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.8.0-openjdk for Red Hat Enterprise Linux 6.
Oct 15 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 6 and 7.
Oct 15 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5.
Oct 15 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
Oct 17 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 5, 6, and 7.
Oct 17 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 5, 6, and 7.
Nov 19 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for Red Hat Enterprise Linux 5 for java-1.7.0-ibm.
Nov 19 2014 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
Red Hat has issued a fix for java-1.6.0-ibm for Red Hat Enterprise Linux 5 and 6.
Dec 5 2014 (HP Issues Fix for HP-UX) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Access and Modify Data
HP has issued a fix for HP-UX 11.23 and 11.31.


Copyright 2019, SecurityGlobal.net LLC