Bug 452659 (CVE-2008-3103) - CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (6332953)
Summary: CVE-2008-3103 OpenJDK JMX allows illegal operations with local monitoring (63...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2008-3103
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 454628 454632 454633 461573 462076 462313 462486 475760 475765 475766 475819
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-06-24 12:11 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:25 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-03-26 16:10:30 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0594 0 normal SHIPPED_LIVE Critical: java-1.6.0-sun security update 2008-07-14 15:32:09 UTC
Red Hat Product Errata RHSA-2008:0595 0 normal SHIPPED_LIVE Critical: java-1.5.0-sun security update 2008-07-14 15:37:44 UTC
Red Hat Product Errata RHSA-2008:0636 0 normal SHIPPED_LIVE Low: Red Hat Network Satellite Server Sun Java Runtime security update 2008-08-13 14:18:21 UTC
Red Hat Product Errata RHSA-2008:0891 0 normal SHIPPED_LIVE Moderate: java-1.5.0-ibm security update 2008-10-24 14:39:17 UTC
Red Hat Product Errata RHSA-2008:0906 0 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2008-10-24 14:44:07 UTC
Red Hat Product Errata RHSA-2008:1044 0 normal SHIPPED_LIVE Important: java-1.5.0-bea security update 2008-12-18 18:32:38 UTC
Red Hat Product Errata RHSA-2008:1045 0 normal SHIPPED_LIVE Important: java-1.6.0-bea security update 2008-12-18 18:33:38 UTC
Red Hat Product Errata RHSA-2009:0466 0 normal SHIPPED_LIVE Low: java-1.5.0-ibm security update 2009-05-07 11:45:26 UTC

Description Marc Schoenefeld 2008-06-24 12:11:03 UTC 
From Sun pre-notification, 6/23/2008

A vulnerability in the Java Management Extensions (JMX) management agent 
included in the Java Runtime Environment may allow a JMX client running on a 
remote host to perform illegal operations on a system running JMX with local 
monitoring enabled.
Comment 1 Marc Schoenefeld 2008-06-24 12:11:03 UTC 
Created attachment 310132 [details]
Test and patch from Sun partner site (6332953)
Comment 5 Fedora Update System 2008-07-09 19:17:14 UTC 
java-1.6.0-openjdk-1.6.0.0-0.16.b09.fc9 has been submitted as an update for Fedora 9
Comment 6 Fedora Update System 2008-07-09 21:46:43 UTC 
java-1.7.0-icedtea-1.7.0.0-0.20.b21.snapshot.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2008-07-15 12:13:24 UTC 
java-1.6.0-openjdk-1.6.0.0-0.16.b09.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 errata-xmlrpc 2009-05-07 12:11:03 UTC 
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.2

Via RHSA-2009:0466 https://rhn.redhat.com/errata/RHSA-2009-0466.html
Comment 18 Vincent Danen 2013-03-26 16:10:30 UTC 
This was also resolved via:

http://rhn.redhat.com/errata/RHSA-2008-0595.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0636.html (Satellite 5.1)
http://rhn.redhat.com/errata/RHSA-2008-0906.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0594.html (RHEL4, RHEL5)
http://rhn.redhat.com/errata/RHSA-2008-0891.html (RHEL4, RHEL5)
Note You need to log in before you can comment on or make changes to this bug.