Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3867 to the following vulnerability: Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303. References: ----------- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3867 http://zerodayinitiative.com/advisories/ZDI-09-076/ http://java.sun.com/javase/6/webnotes/6u17.html http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1 http://www.securityfocus.com/bid/36881 http://securitytracker.com/id?1023132 http://secunia.com/advisories/37231 http://www.vupen.com/english/advisories/2009/3131
This issue affects the versions of the java-1.5.0-sun package, as shipped with Red Hat Enterprise Linux 4 and 5. This issue affects the versions of the java-1.6.0-sun package, as shipped with Red Hat Enterprise Linux 4 and 5.
*** Bug 532909 has been marked as a duplicate of this bug. ***
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1560 https://rhn.redhat.com/errata/RHSA-2009-1560.html
This issue has been addressed in following products: Extras for RHEL 3 Extras for Red Hat Enterprise Linux 5 Extras for RHEL 4 Via RHSA-2009:1643 https://rhn.redhat.com/errata/RHSA-2009-1643.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1647 https://rhn.redhat.com/errata/RHSA-2009-1647.html
This issue has been addressed in following products: Extras for RHEL 4 Extras for Red Hat Enterprise Linux 5 Via RHSA-2009:1694 https://rhn.redhat.com/errata/RHSA-2009-1694.html
This issue has been addressed in following products: Red Hat Network Satellite Server v 5.3 Via RHSA-2010:0043 https://rhn.redhat.com/errata/RHSA-2010-0043.html
This issue has been addressed in following products: RHEL 4 for SAP RHEL 5 for SAP Via RHSA-2010:0408 https://rhn.redhat.com/errata/RHSA-2010-0408.html