CVE-2008-3111

Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
References
Link Resource
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
http://marc.info/?l=bugtraq&m=122331139823057&w=2
http://secunia.com/advisories/31010 Vendor Advisory
http://secunia.com/advisories/31055 Vendor Advisory
http://secunia.com/advisories/31320 Vendor Advisory
http://secunia.com/advisories/31497 Vendor Advisory
http://secunia.com/advisories/31600 Vendor Advisory
http://secunia.com/advisories/31736
http://secunia.com/advisories/32018 Vendor Advisory
http://secunia.com/advisories/32179 Vendor Advisory
http://secunia.com/advisories/32180 Vendor Advisory
http://secunia.com/advisories/37386 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 Patch
http://support.apple.com/kb/HT3178
http://support.apple.com/kb/HT3179
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0790.html
http://www.securityfocus.com/archive/1/494505/100/0/threaded
http://www.securityfocus.com/archive/1/497041/100/0/threaded
http://www.securityfocus.com/bid/30148
http://www.securitytracker.com/id?1020452
http://www.us-cert.gov/cas/techalerts/TA08-193A.html US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
http://www.vupen.com/english/advisories/2008/2056/references Vendor Advisory
http://www.vupen.com/english/advisories/2008/2740 Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-043/
https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html
http://marc.info/?l=bugtraq&m=122331139823057&w=2
http://secunia.com/advisories/31010 Vendor Advisory
http://secunia.com/advisories/31055 Vendor Advisory
http://secunia.com/advisories/31320 Vendor Advisory
http://secunia.com/advisories/31497 Vendor Advisory
http://secunia.com/advisories/31600 Vendor Advisory
http://secunia.com/advisories/31736
http://secunia.com/advisories/32018 Vendor Advisory
http://secunia.com/advisories/32179 Vendor Advisory
http://secunia.com/advisories/32180 Vendor Advisory
http://secunia.com/advisories/37386 Vendor Advisory
http://security.gentoo.org/glsa/glsa-200911-02.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 Patch
http://support.apple.com/kb/HT3178
http://support.apple.com/kb/HT3179
http://www.redhat.com/support/errata/RHSA-2008-0595.html
http://www.redhat.com/support/errata/RHSA-2008-0790.html
http://www.securityfocus.com/archive/1/494505/100/0/threaded
http://www.securityfocus.com/archive/1/497041/100/0/threaded
http://www.securityfocus.com/bid/30148
http://www.securitytracker.com/id?1020452
http://www.us-cert.gov/cas/techalerts/TA08-193A.html US Government Resource
http://www.vmware.com/security/advisories/VMSA-2008-0016.html
http://www.vupen.com/english/advisories/2008/2056/references Vendor Advisory
http://www.vupen.com/english/advisories/2008/2740 Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-043/
https://exchange.xforce.ibmcloud.com/vulnerabilities/43664
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:jdk:5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jdk:6:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:1.4.2_17:*:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_10:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_11:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_12:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_13:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_14:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_15:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_4:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_5:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_6:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_7:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:jre:5.0:update_9:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_1:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_2:*:*:*:*:*:*
cpe:2.3:a:sun:jre:6:update_3:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_13:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_14:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_15:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_16:*:*:*:*:*:*:*
cpe:2.3:a:sun:sdk:1.4.2_17:*:*:*:*:*:*:*

History

21 Nov 2024, 00:48

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html - () http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html -
References () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html -
References () http://marc.info/?l=bugtraq&m=122331139823057&w=2 - () http://marc.info/?l=bugtraq&m=122331139823057&w=2 -
References () http://secunia.com/advisories/31010 - Vendor Advisory () http://secunia.com/advisories/31010 - Vendor Advisory
References () http://secunia.com/advisories/31055 - Vendor Advisory () http://secunia.com/advisories/31055 - Vendor Advisory
References () http://secunia.com/advisories/31320 - Vendor Advisory () http://secunia.com/advisories/31320 - Vendor Advisory
References () http://secunia.com/advisories/31497 - Vendor Advisory () http://secunia.com/advisories/31497 - Vendor Advisory
References () http://secunia.com/advisories/31600 - Vendor Advisory () http://secunia.com/advisories/31600 - Vendor Advisory
References () http://secunia.com/advisories/31736 - () http://secunia.com/advisories/31736 -
References () http://secunia.com/advisories/32018 - Vendor Advisory () http://secunia.com/advisories/32018 - Vendor Advisory
References () http://secunia.com/advisories/32179 - Vendor Advisory () http://secunia.com/advisories/32179 - Vendor Advisory
References () http://secunia.com/advisories/32180 - Vendor Advisory () http://secunia.com/advisories/32180 - Vendor Advisory
References () http://secunia.com/advisories/37386 - Vendor Advisory () http://secunia.com/advisories/37386 - Vendor Advisory
References () http://security.gentoo.org/glsa/glsa-200911-02.xml - () http://security.gentoo.org/glsa/glsa-200911-02.xml -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 - Patch () http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 - Patch
References () http://support.apple.com/kb/HT3178 - () http://support.apple.com/kb/HT3178 -
References () http://support.apple.com/kb/HT3179 - () http://support.apple.com/kb/HT3179 -
References () http://www.redhat.com/support/errata/RHSA-2008-0595.html - () http://www.redhat.com/support/errata/RHSA-2008-0595.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0790.html - () http://www.redhat.com/support/errata/RHSA-2008-0790.html -
References () http://www.securityfocus.com/archive/1/494505/100/0/threaded - () http://www.securityfocus.com/archive/1/494505/100/0/threaded -
References () http://www.securityfocus.com/archive/1/497041/100/0/threaded - () http://www.securityfocus.com/archive/1/497041/100/0/threaded -
References () http://www.securityfocus.com/bid/30148 - () http://www.securityfocus.com/bid/30148 -
References () http://www.securitytracker.com/id?1020452 - () http://www.securitytracker.com/id?1020452 -
References () http://www.us-cert.gov/cas/techalerts/TA08-193A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA08-193A.html - US Government Resource
References () http://www.vmware.com/security/advisories/VMSA-2008-0016.html - () http://www.vmware.com/security/advisories/VMSA-2008-0016.html -
References () http://www.vupen.com/english/advisories/2008/2056/references - Vendor Advisory () http://www.vupen.com/english/advisories/2008/2056/references - Vendor Advisory
References () http://www.vupen.com/english/advisories/2008/2740 - Vendor Advisory () http://www.vupen.com/english/advisories/2008/2740 - Vendor Advisory
References () http://www.zerodayinitiative.com/advisories/ZDI-08-043/ - () http://www.zerodayinitiative.com/advisories/ZDI-08-043/ -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/43664 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/43664 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10541 -

Information

Published : 2008-07-09 23:41

Updated : 2024-11-21 00:48


NVD link : CVE-2008-3111

Mitre link : CVE-2008-3111

CVE.ORG link : CVE-2008-3111


JSON object : View

Products Affected

sun

  • sdk
  • jre
  • jdk
CWE
CWE-20

Improper Input Validation

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer