Bug 454605 (CVE-2008-3111)

Summary: CVE-2008-3111 Java Web Start Buffer overflow vulnerabilities (6557220)
Product: [Other] Security Response Reporter: Marc Schoenefeld <mschoene>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kreilly
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-12-20 22:01:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 454632, 454633, 456880, 456881, 457470    
Bug Blocks:    

Description Marc Schoenefeld 2008-07-09 10:46:44 UTC 
Sunalert, 238905, First Issue

Buffer overflow vulnerabilities in Java Web Start may allow an untrusted Java
Web Start application to elevate its privileges. For example, an untrusted Java
Web Start application may grant itself permissions to read and write local files
or execute local applications that are accessible to the user running the
untrusted application.
Comment 4 Vincent Danen 2010-12-20 22:01:45 UTC 
This issue has been corrected via:

Red Hat Enterprise Linux version 4 Extras (RHSA-2008:0595 (java-1.5.0-sun) and RHSA-2008:0790 (java-1.5.0-ibm))
RHEL Supplementary version 5 (RHSA-2008:0595 (java-1.5.0-sun) and RHSA-2008:0790 (java-1.5.0-ibm))
Red Hat Network Satellite Server 5.1 (RHEL v.4 AS) (RHSA-2008:0636 (java-1.5.0-sun) and RHSA-2008:0638 (java-1.5.0-ibm))