Bug 672262 (CVE-2011-0025)
| Summary: | CVE-2011-0025 IcedTea jarfile signature verification bypass | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marc Schoenefeld <mschoene> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | ahughes, aph, dbhole, jlieskov, omajid, security-response-team, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-19 21:47:20 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Comment 4
Marc Schoenefeld
2011-02-01 14:21:39 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0025 to the following vulnerability: Name: CVE-2011-0025 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025 Assigned: 20101207 Reference: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=3bd328e4b515 Reference: http://blog.fuseyism.com/index.php/2011/02/01/security-icedtea6-178-185-195-released/ Reference: http://www.ubuntu.com/usn/USN-1055-1 Reference: http://www.securityfocus.com/bid/46110 Reference: http://secunia.com/advisories/43135 IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are "partially signed" or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source. |