CVE-2010-4351

Sažetak

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=663680
http://www.zerodayinitiative.com/advisories/ZDI-11-014/
http://www.securityfocus.com/bid/45894
http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/
http://www.vupen.com/english/advisories/2011/0166
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html
http://www.vupen.com/english/advisories/2011/0165
http://osvdb.org/70605
http://secunia.com/advisories/43002
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html
http://www.redhat.com/support/errata/RHSA-2011-0176.html
http://www.vupen.com/english/advisories/2011/0215
http://secunia.com/advisories/43085
http://www.ubuntu.com/usn/USN-1052-1
http://secunia.com/advisories/43078
http://www.vupen.com/english/advisories/2011/0239
http://www.ubuntu.com/usn/USN-1055-1
http://secunia.com/advisories/43135
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://security.gentoo.org/glsa/glsa-201406-32.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/64893

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

13-02-2023 - 04:28

Objavljeno

20-01-2011 - 19:00