SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
SecurityTracker Alert ID:  1034214
SecurityTracker URL:  http://securitytracker.com/id/1034214
CVE Reference:   CVE-2015-5006   (Links to External Site)
Date:  Nov 23 2015
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0, 6.0, 6.1, 7.0, 7.1, 8.0
Description:   A vulnerability was reported in IBM Java. A physically local user can obtain sensitive information from the Kerberos Credential Cache.

No details were provided.

Impact:   A physically local user can obtain sensitive information from the Kerberos Credential Cache.
Solution:   The vendor has issued a fix (APAR IV78316; 6.0.16.15, 6.1.8.15, 7.0.9.20, 7.1.3.20, 8.0.2.0).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21969225

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21969225 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), Windows (Any), z/OS

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 23 2015 (Red Hat Issues Fix) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
Red Hat has issued a fix for java-1.6.0-ibm, java-1.7.0-ibm, java-1.71-ibm, and java-1.8.0-ibm for Red Hat Enterprise Linux 5, 6, and 7.
Dec 11 2015 (IBM Issues Fix for IBM AIX) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Jan 7 2016 (IBM Issues Fix for IBM Cognos Command Center) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM Cognos Command Center.
Feb 24 2016 (IBM Issues Fix for IBM SPSS Analytic Server) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM SPSS Analytic Server.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC