IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Generic) > Oracle Java SE

Vendors: Oracle, Sun

IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System

SecurityTracker Alert ID: 1034214

SecurityTracker URL: http://securitytracker.com/id/1034214

CVE Reference: CVE-2015-5006 (Links to External Site)

Date: Nov 23 2015

Impact: Disclosure of authentication information

Fix Available: Yes Vendor Confirmed: Yes

Version(s): 5.0, 6.0, 6.1, 7.0, 7.1, 8.0

Description: A vulnerability was reported in IBM Java. A physically local user can obtain sensitive information from the Kerberos Credential Cache.

No details were provided.

Impact: A physically local user can obtain sensitive information from the Kerberos Credential Cache.

Solution: The vendor has issued a fix (APAR IV78316; 6.0.16.15, 6.1.8.15, 7.0.9.20, 7.1.3.20, 8.0.2.0).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21969225

Vendor URL: www-01.ibm.com/support/docview.wss?uid=swg21969225 (Links to External Site)

Cause: Access control error

Underlying OS: Linux (Any), UNIX (AIX), Windows (Any), z/OS

Message History: This archive entry has one or more follow-up message(s) listed below.

Nov 23 2015	(Red Hat Issues Fix) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System Red Hat has issued a fix for java-1.6.0-ibm, java-1.7.0-ibm, java-1.71-ibm, and java-1.8.0-ibm for Red Hat Enterprise Linux 5, 6, and 7.
Dec 11 2015	(IBM Issues Fix for IBM AIX) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Jan 7 2016	(IBM Issues Fix for IBM Cognos Command Center) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System IBM has issued a fix for IBM Cognos Command Center.
Feb 24 2016	(IBM Issues Fix for IBM SPSS Analytic Server) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System IBM has issued a fix for IBM SPSS Analytic Server.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC