Bug 706153 (CVE-2011-0867) - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
Summary: CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-0867
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 668488 676275 709375 709376 711408 711409 711410 720963 720964 720965 723824 723825 723826 729588 729589 729907 729908 729909
Blocks:
Reported: 2011-05-19 16:14 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:45 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-06 07:29:12 UTC


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:0856 normal SHIPPED_LIVE Critical: java-1.6.0-openjdk security update 2011-06-08 14:31:42 UTC
Red Hat Product Errata RHSA-2011:0857 normal SHIPPED_LIVE Important: java-1.6.0-openjdk security update 2011-06-08 14:53:42 UTC
Red Hat Product Errata RHSA-2011:0860 normal SHIPPED_LIVE Critical: java-1.6.0-sun security update 2011-06-08 15:25:07 UTC
Red Hat Product Errata RHSA-2011:0938 normal SHIPPED_LIVE Critical: java-1.6.0-ibm security update 2011-07-15 05:57:15 UTC
Red Hat Product Errata RHSA-2011:1087 normal SHIPPED_LIVE Critical: java-1.5.0-ibm security update 2011-07-22 22:54:34 UTC
Red Hat Product Errata RHSA-2011:1159 normal SHIPPED_LIVE Critical: java-1.4.2-ibm security update 2011-08-15 17:49:36 UTC
Red Hat Product Errata RHSA-2011:1265 normal SHIPPED_LIVE Moderate: java-1.4.2-ibm-sap security update 2011-09-06 21:20:08 UTC
Red Hat Product Errata RHSA-2013:1455 normal SHIPPED_LIVE Low: Red Hat Network Satellite server IBM Java Runtime security update 2013-10-23 20:30:21 UTC

Description Marc Schoenefeld 2011-05-19 16:14:03 UTC
An information leak flaw was found in the NetworkInterface class. An untrusted applet or application could use this flaw to access information about available network interfaces that should only be available to privileged code.

Comment 2 Marc Schoenefeld 2011-05-19 16:17:56 UTC
Reproducer can be found at http://slightlyrandombrokenthoughts.blogspot.com/2011/02/trusted-method-chaining-for-network.html

Comment 5 Tomas Hoger 2011-06-07 14:38:37 UTC
An information leak was found in NetworkInterface.  Unprivileged code could obtain certain network interface configuration information via trusted method chaining.  Details can be found in the blog post linked in comment #2.

Comment 7 errata-xmlrpc 2011-06-08 14:31:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0856 https://rhn.redhat.com/errata/RHSA-2011-0856.html

Comment 8 errata-xmlrpc 2011-06-08 14:53:54 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0857 https://rhn.redhat.com/errata/RHSA-2011-0857.html

Comment 9 errata-xmlrpc 2011-06-08 15:25:29 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0860 https://rhn.redhat.com/errata/RHSA-2011-0860.html

Comment 11 errata-xmlrpc 2011-07-15 05:57:35 UTC
This issue has been addressed in following products:

  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2011:0938 https://rhn.redhat.com/errata/RHSA-2011-0938.html

Comment 12 errata-xmlrpc 2011-07-22 22:54:49 UTC
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Extras for RHEL 4
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2011:1087 https://rhn.redhat.com/errata/RHSA-2011-1087.html

Comment 13 errata-xmlrpc 2011-08-15 17:49:52 UTC
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:1159 https://rhn.redhat.com/errata/RHSA-2011-1159.html

Comment 14 errata-xmlrpc 2011-09-06 21:20:30 UTC
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:1265 https://rhn.redhat.com/errata/RHSA-2011-1265.html

Comment 15 errata-xmlrpc 2013-10-23 16:57:57 UTC
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2013:1455 https://rhn.redhat.com/errata/RHSA-2013-1455.html

