SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
SecurityTracker Alert ID:  1041889
SecurityTracker URL:  http://securitytracker.com/id/1041889
CVE Reference:   CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3157, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214   (Links to External Site)
Date:  Oct 16 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can gain elevated privileges. A remote or local user can access and modify data on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the Scripting component to gain elevated privileges [CVE-2018-3183].

A remote user can exploit a flaw in the JavaFX component to gain elevated privileges [CVE-2018-3209].

A remote user can exploit a flaw in the Hotspot component to gain elevated privileges [CVE-2018-3169].

A remote user can exploit a flaw in the JNDI component to gain elevated privileges [CVE-2018-3149].

A local user can exploit a flaw in the Serviceability component to access and modify data [CVE-2018-3211].

A remote user can exploit a flaw in the JSSE component to partially access data, partially modify data, and partially deny service [CVE-2018-3180].

A remote user can exploit a flaw in the Sound component to cause partial denial of service conditions [CVE-2018-3214].

A remote user can exploit a flaw in the Sound component to partially access data [CVE-2018-3157].

A remote user can exploit a flaw in the Utility component to partially modify data [CVE-2018-3150].

A remote user can exploit a flaw in the Deployment (libpng) component to cause partial denial of service conditions [CVE-2018-13785].

A remote user can exploit a flaw in the Security component to partially modify data [CVE-2018-3136].

A remote user can exploit a flaw in the Networking component to partially access data [CVE-2018-3139].

Artem Smotrakov, Felix Dorre, Krzysztof Szafranski, Nelson William Gamazo Sanchez of Trend Micro's Zero Day Initiative, and Tobias Ospelt of modzero reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

A local user can obtain data on the target system.

A local user can modify data on the target system.

A remote user can gain elevated privileges on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2018.

The vendor advisory is available at:

https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Vendor URL:  https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 18 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-1.8.0-openjdk.
Oct 18 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6 for java-1.8.0-openjdk.
Oct 18 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Oct 18 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7 (aarch64).
Oct 18 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-1.6.0-sun.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux for java-1.6.0-sun.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux for java-1.7.0-oracle.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-1.7.0-oracle.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-1.8.0-oracle.
Oct 25 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux for java-1.8.0-oracle.
Oct 30 2018 (Ubuntu Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu Linux 16.04 LTS, 18.04 LTS, and 18.10.
Oct 31 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 6.
Nov 9 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Nov 9 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-11-openjdk.
Nov 9 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6 and 7 for java-1.8.0-ibm.
Nov 12 2018 (Oracle Issues Fix for Oracle Linux) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Oracle has issued a fix for Oracle Linux 7.
Nov 13 2018 (IBM Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
IBM has issued a fix.
Nov 16 2018 (Ubuntu Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Ubuntu has issued a fix for Ubuntu Linux 14.04 LTS.
Nov 26 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 6 for java-1.7.1-ibm.
Nov 26 2018 (Red Hat Issues Fix) Oracle Java SE Multiple Bugs Let Remote Users Gain Elevated Privileges, Remote and Local Users Access and Modify Data, and Remote Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 7 for java-1.7.1-ibm.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC