Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.

Updated java-1.5.0-sun packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language.

The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML.
(CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service.
(CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.
(CVE-2007-3922)

All users of java-sun-1.5.0 should upgrade to these packages, which contain Sun Java 1.5.0 Update 12 that corrects these issues.

NOTE: This combination of rpm's replaces j2sdk-1.4.2 with jdk-1.5.0.
So your java will change from version 1.4.2 to 1.5.0. We apologize if this causes any problems, but it needed to be done for security reasons.

A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.
(CVE-2007-5232)

Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)

Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files.
(CVE-2007-5239)

The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274) The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service.
(CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.
(CVE-2007-3922)

A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from.
(CVE-2007-5232)

Multiple vulnerabilities existed in Java Web Start allowing an untrusted application to determine the location of the Java Web Start cache. (CVE-2007-5238)

Untrusted Java Web Start Applications or Java Applets were able to drag and drop a file to a Desktop Application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files.
(CVE-2007-5239)

The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display oversized Windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273)

Unsigned Applets loaded with Mozilla Firefox or Opera browsers allowed remote attackers to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5274) The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service.
(CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.
(CVE-2007-3922)

NOTE: These packages have been tested to not remove newer jdks (such as 1.6 or 1.7)

Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A security vulnerability in the Java Web Start component was discovered. An untrusted application could elevate it's privileges, allowing it to read and write local files that are accessible to the user running the Java Web Start application. (CVE-2007-2435)

A buffer overflow in the Java Runtime Environment image handling code was found. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005)

The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML.
(CVE-2007-3503)

The Java Web Start URL parsing component contains a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.
(CVE-2007-3922)

All users of java-ibm-1.5.0 should upgrade to these updated packages, which contain IBM's 1.5.0 SR5a Java release that resolves these issues.

s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 19 : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to gain     unauthorized access or to create a Denial of Service     (DoS). References: CVE-2007-3698, CVE-2007-3922, SUN     Alert 102995, 102997. (HPSBMA02384 SSRT071465)

  - A potential security vulnerability has been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerability could be exploited remotely to create a     Denial of Service (DoS). (HPSBMA02392 SSRT071481)

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to allow     cross site scripting (XSS). (HPSBMA02388 SSRT080059)

s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19 : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to gain     unauthorized access or to create a Denial of Service     (DoS). References: CVE-2007-3698, CVE-2007-3922, SUN     Alert 102995, 102997. (HPSBMA02384 SSRT071465)

  - A potential security vulnerability has been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerability could be exploited remotely to create a     Denial of Service (DoS). (HPSBMA02392 SSRT071481)

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to allow     cross site scripting (XSS). (HPSBMA02388 SSRT080059)

s700_800 11.X OV NNM7.01 Intermediate Patch 12 : 

The remote HP-UX host is affected by multiple vulnerabilities :

  - A potential security vulnerability has been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerability could be exploited remotely to create a     Denial of Service (DoS). (HPSBMA02374 SSRT080046)

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to allow     execution of arbitrary code or unauthorized access to     data. (HPSBMA02406 SSRT080100)

  - A potential security vulnerability has been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerability could be exploited remotely to create a     Denial of Service (DoS). (HPSBMA02392 SSRT071481)

  - A potential vulnerability has been identified with HP     OpenView Network Node Manager (OV NNM). The     vulnerability could be exploited remotely execute     arbitrary code or to create a Denial of Service (DoS).
    (HPSBMA02338 SSRT080024, SSRT080041)

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to allow     cross site scripting (XSS). (HPSBMA02388 SSRT080059)

  - Potential security vulnerabilities have been identified     with HP OpenView Network Node Manager (OV NNM). The     vulnerabilities could be exploited remotely to gain     unauthorized access or to create a Denial of Service     (DoS). References: CVE-2007-3698, CVE-2007-3922, SUN     Alert 102995, 102997. (HPSBMA02384 SSRT071465)

IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1.

IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.

A buffer overflow was found in the Java Runtime Environment image-handling code. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-3004)

An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet.
(CVE-2007-3922)

These updated packages also add the following enhancements :

* Time zone information has been updated to the latest available information, 2007h.

* Accessibility support in AWT can now be disabled through a system property, java.assistive. To support this change, permission to read this property must be added to /opt/IBMJava2-131/jre/lib/security/java.policy. Users of IBMJava2 who have modified this file should add this following line to the grant section :

permission java.util.PropertyPermission 'java.assistive', 'read';

All users of IBMJava2 should upgrade to these updated packages, which contain IBM's 1.3.1 SR11 Java release, which resolves these issues.

The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6.

The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's KeyChain.

To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.

The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes :

  - A buffer overflow vulnerability in the image parsing     code in the Java(TM) Runtime Environment may allow an     untrusted applet or application to elevate its     privileges. For example, an applet may grant itself     permissions to read and write local files or execute     local applications that are accessible to the user     running the untrusted applet. (CVE-2007-2788 /     CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005)

    A second vulnerability may allow an untrusted applet or     application to cause the Java Virtual Machine to hang.

  - A buffer overflow vulnerability in the Java Web Start     URL parsing code may allow an untrusted application to     elevate its privileges. For example, an application may     grant itself permissions to read and write local files     or execute local applications with the privileges of the     user running the Java Web Start application.
    (CVE-2007-3655)

  - A security vulnerability in the Java Runtime Environment     Applet Class Loader may allow an untrusted applet that     is loaded from a remote system to circumvent network     access restrictions and establish socket connections to     certain services running on the local host, as if it     were loaded from the system that the applet is running     on. This may allow the untrusted remote applet the     ability to exploit any security vulnerabilities existing     in the services it has connected to. (CVE-2007-3922)

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/

The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes :

  - A buffer overflow vulnerability in the image parsing     code in the Java(TM) Runtime Environment may allow an     untrusted applet or application to elevate its     privileges. For example, an applet may grant itself     permissions to read and write local files or execute     local applications that are accessible to the user     running the untrusted applet. (CVE-2007-2788 /     CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005)

    A second vulnerability may allow an untrusted applet or     application to cause the Java Virtual Machine to hang.

  - A buffer overflow vulnerability in the Java Web Start     URL parsing code may allow an untrusted application to     elevate its privileges. For example, an application may     grant itself permissions to read and write local files     or execute local applications with the privileges of the     user running the Java Web Start application.
    (CVE-2007-3655)

  - A security vulnerability in the Java Runtime Environment     Applet Class Loader may allow an untrusted applet that     is loaded from a remote system to circumvent network     access restrictions and establish socket connections to     certain services running on the local host, as if it     were loaded from the system that the applet is running     on. This may allow the untrusted remote applet the     ability to exploit any security vulnerabilities existing     in the services it has connected to. (CVE-2007-3922)

For more information see:
http://www-128.ibm.com/developerworks/java/jdk/alerts/

s700_800 11.11 OV ITO7.1X JavaGUI client A.08.27 : 

Potential security vulnerabilities have been identified in OpenView Operations (OVO) running on HP-UX and Solaris. These vulnerabilities may be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: SUN Alert 102995, 102997, CVE-2007-3922, CVE-2007-3698.

s700_800 11.X OV OVO8.X PARISC JavaGUI client A.08.27 : 

Potential security vulnerabilities have been identified in OpenView Operations (OVO) running on HP-UX and Solaris. These vulnerabilities may be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: SUN Alert 102995, 102997, CVE-2007-3922, CVE-2007-3698.

s700_800 11.X OV OVO8.X IA-64 JavaGUI client A.08.27 : 

Potential security vulnerabilities have been identified in OpenView Operations (OVO) running on HP-UX and Solaris. These vulnerabilities may be exploited remotely to gain unauthorized access or to create a Denial of Service (DoS). References: SUN Alert 102995, 102997, CVE-2007-3922, CVE-2007-3698.

The remote host is affected by the vulnerability described in GLSA-200709-15 (BEA JRockit: Multiple vulnerabilities)

    An integer overflow vulnerability exists in the embedded ICC profile     image parser (CVE-2007-2788), an unspecified vulnerability exists in     the font parsing implementation (CVE-2007-4381), and an error exists     when processing XSLT stylesheets contained in XSLT Transforms in XML     signatures (CVE-2007-3716), among other vulnerabilities.
  Impact :

    A remote attacker could trigger the integer overflow to execute     arbitrary code or crash the JVM through a specially crafted file. Also,     an attacker could perform unauthorized actions via an applet that     grants certain privileges to itself because of the font parsing     vulnerability. The error when processing XSLT stylesheets can be     exploited to execute arbitrary code. Other vulnerabilities could lead     to establishing restricted network connections to certain services,     Cross Site Scripting and Denial of Service attacks.
  Workaround :

    There is no known workaround at this time for all these     vulnerabilities.

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided which address all known flaws in Java(TM) at this time. There may be more advisories on http://sunsolve.sun.com describing other flaws that are patched with this update. Happy hunting! Slackware repackages Sun's Java(TM) binaries without changing them, so the packages from Slackware 12.0 should work on all glibc based Slackware versions.

ID	Name	Product	Family	Severity
63843	RHEL 4 : java-1.5.0-sun (RHSA-2007:0818)	Nessus	Red Hat Local Security Checks	high
60344	Scientific Linux Security Update : jdk (java) on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60316	Scientific Linux Security Update : jdk (java) on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
40706	RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829)	Nessus	Red Hat Local Security Checks	critical
39378	HP-UX PHSS_38148 : s700_800 11.X OV NNM7.53 IA-64 Intermediate Patch 19	Nessus	HP-UX Local Security Checks	high
39377	HP-UX PHSS_38147 : s700_800 11.X OV NNM7.53 PA-RISC Intermediate Patch 19	Nessus	HP-UX Local Security Checks	high
34952	HP-UX PHSS_38761 : s700_800 11.X OV NNM7.01 Intermediate Patch 12	Nessus	HP-UX Local Security Checks	critical
33247	RHEL 2.1 : IBMJava2 (RHSA-2008:0133)	Nessus	Red Hat Local Security Checks	medium
29702	Mac OS X : Java for Mac OS X 10.4 Release 6	Nessus	MacOS X Local Security Checks	critical
29475	SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544)	Nessus	SuSE Local Security Checks	medium
29470	SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)	Nessus	SuSE Local Security Checks	medium
28272	HP-UX PHSS_37197 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1)	Nessus	HP-UX Local Security Checks	high
28271	HP-UX PHSS_37183 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1)	Nessus	HP-UX Local Security Checks	high
28270	HP-UX PHSS_37182 : HP OpenView Operations (OVO) Running on HP-UX and Solaris, Remote Unauthorized Access, Denial of Service (DoS) (HPSBMA02288 SSRT071465 rev.1)	Nessus	HP-UX Local Security Checks	high
26117	GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
25957	Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : java (jre, jdk) (SSA:2007-243-01)	Nessus	Slackware Local Security Checks	medium

Detections

Analytics

CVE-2007-3922

critical

Tenable Plugins

high

high

high

critical

high

high

critical

medium

critical

medium

medium

high

high

high

high

medium