CVE-2010-4351
Published: 20 January 2011
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Priority
Status
| Package | Release | Status |
|---|---|---|
| icedtea-web (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
| | hardy | Does not exist |
| | karmic | Does not exist |
| | lucid | Not vulnerable (1.2-2ubuntu0.10.04.1) |
| | maverick | Does not exist |
| | natty | Not vulnerable (1.1~20110406-0ubuntu1) |
| | oneiric | Not vulnerable (1.1~20110406-0ubuntu1) |
| | upstream | Needs triage |
| openjdk-6 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
| | hardy | Released (6b27-1.12.3-0ubuntu1~08.04.1) |
| | karmic | Released (6b20-1.9.4-0ubuntu1~9.10.1) |
| | lucid | Released (6b20-1.9.4-0ubuntu1~10.04.1) |
| | maverick | Released (6b20-1.9.4-0ubuntu1) |
| | natty | Released (6b21~pre1-0ubuntu1) |
| | oneiric | Released (6b21~pre1-0ubuntu1) |
| | upstream | Released (1.7.7,1.8.4,1.9.4) |
| | Patches | upstream: http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/7ec6c82e69ee |
| openjdk-6b18 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
| | hardy | Does not exist |
| | karmic | Released (6b18-1.8.4-0ubuntu1~9.10.1) |
| | lucid | Released (6b18-1.8.4-0ubuntu1~10.04.1) |
| | maverick | Released (6b18-1.8.5-0ubuntu1) |
| | natty | Not vulnerable (6b18-1.8.8~pre1-0ubuntu1) |
| | oneiric | Not vulnerable (6b18-1.8.8~pre1-0ubuntu1) |
| | upstream | Released (1.7.7,1.8.4,1.9.4) |
| sun-java5 (Launchpad, Ubuntu, Debian) | dapper | Not vulnerable |
| | hardy | Not vulnerable |
| | karmic | Does not exist |
| | lucid | Does not exist |
| | maverick | Does not exist |
| | natty | Does not exist |
| | oneiric | Does not exist |
| | upstream | Not vulnerable |
| sun-java6 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
| | hardy | Not vulnerable |
| | karmic | Not vulnerable |
| | lucid | Not vulnerable |
| | maverick | Not vulnerable |
| | natty | Not vulnerable |
| | oneiric | Not vulnerable |
| | upstream | Not vulnerable |

References
- http://www.zerodayinitiative.com/advisories/ZDI-11-014/
- http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/
- https://ubuntu.com/security/notices/USN-1052-1
- https://ubuntu.com/security/notices/USN-1055-1
- https://www.cve.org/CVERecord?id=CVE-2010-4351
- NVD
- Launchpad
- Debian