SecurityTracker.com

Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Oracle, Sun
Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
SecurityTracker Alert ID:  1031580
SecurityTracker URL:  http://securitytracker.com/id/1031580
CVE Reference:   CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0400, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437
Date:  Jan 20 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.0u75, 6u85, 7u72, 8u25
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote or local user can obtain elevated privileges on the target system. A remote or local user can cause partial denial of service conditions. A remote or local user can partially access and modify data on the target system.

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6601].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0412].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2014-6549].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0408].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0395].

A remote user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0437].

A local user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0403].

A local user can exploit a flaw in the Java SE component to gain elevated privileges [CVE-2015-0421].

A remote user can exploit a flaw in the Java SE component to partially access data and cause partial denial of service conditions [CVE-2015-0406].

A local user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially modify data and cause denial of service conditions [CVE-2015-0383].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2015-0400].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2015-0407].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to cause partial denial of service conditions [CVE-2015-0410].

A local user can exploit a flaw in the Java SE component to partially access data, partially modify data, and partially deny service [CVE-2014-6587].

A remote user can exploit a flaw in the Java SE, Java SE Embedded, and JRockit components to partially access and partially modify data [CVE-2014-6593].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-6585].

A remote user can exploit a flaw in the Java SE component to partially access data [CVE-2014-6591].

A local user can exploit a flaw in the Java SE component to partially modify data [CVE-2015-0413].

The following researchers reported these and other Oracle vulnerabilities:

Abdullah Erdem; Adam Willard of Foreground Security; Amir Sohail; Arjun V; Avik Sarkar; Ayoub Nait Lamine; Ben Khlifa Fahmi; Cameron Crowley; Christian Galeone; Gaurav Mishra; Gopal Bisht; Gurjant Singh Sadhra; Karthik E C; Koutrouss Naddara; M.Asim Shahzad; Mohammed Osman; Monendra Sahu; Mousab Elhag; Muhammad Sarmad Shafiq; Rakesh Singh of Zero Day Guys; Sandeep Venkatesan; Sky_BlaCk; Sreehari; Srikanth Y; and Yann CAM.

Impact:   A remote or local user can obtain elevated privileges on the target system.

A remote or local user can cause partial denial of service conditions.

A remote or local user can partially access and modify data on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - January 2015.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 21 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 5.
Jan 22 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.7.0-openjdk for Red Hat Enterprise Linux 6 and 7.
Jan 22 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.8.0-openjdk for Red Hat Enterprise Linux 6.
Jan 23 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.7.0-oracle for Red Hat Enterprise Linux 5, 6, and 7.
Jan 23 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.8.0-oracle for Red Hat Enterprise Linux 6.
Jan 27 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.6.0-sun for Red Hat Enterprise Linux 5, 6, and 7.
Jan 27 2015 (Red Hat Issues Fix) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
Red Hat has issued a fix for java-1.6.0-openjdk for Red Hat Enterprise Linux 5, 6, and 7.
Apr 2 2015 (VMware Issues Fix for VMware Horizon Workspace Portal Server) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
VMware has issued a fix for VMware Horizon Workspace and VMware Horizon DaaS Platform.
Apr 2 2015 (VMware Issues Fix for VMware vCenter) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
VMware has issued a fix for VMware vCenter products.
Apr 2 2015 (VMware Issues Fix for VMware vCloud) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
VMware has issued a fix for VMware vCloud.
Sep 11 2015 (VMware Issues Fix for VMware vSphere Data Protection) Oracle Java Bugs Let Local and Remote Users Gain Elevated Privileges and Remote Users Partially Access and Modify Data
VMware has issued a fix for VMware vSphere Data Protection.




Copyright 2019, SecurityGlobal.net LLC