FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

16846d1e-f1de-11e1-8bd8-0022156e8794    Java 1.7 -- security manager bypass

US-CERT reports:

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions.

By leveraging the public, privileged getField() function, an untrusted Java applet can escalate its privileges by calling the setSecurityManager() function to allow full privileges, without requiring code signing.

This vulnerability is being actively exploited in the wild, and exploit code is publicly available.

This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager.


Discovery 2012-08-27
Entry 2012-08-30
Modified 2012-08-31
openjdk: ge 7.0 lt 7.6.24_1
linux-sun-jdk: ge 7.0 lt 7.7
linux-sun-jre: ge 7.0 lt 7.7

CVE-2012-4681
636312
http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html

18e5428f-ae7c-11d9-837d-000e0c2e438a    jdk -- jar directory traversal vulnerability

Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system.

The jar tool does not check properly if the files to be extracted have the string "../" in their names, so it's possible for an attacker to create a malicious jar file in order to overwrite arbitrary files within the filesystem.


Discovery 2005-04-11
Entry 2005-04-16
Modified 2006-09-12
jdk: le 1.2.2p11_3; ge 1.3.* le 1.3.1p9_4; ge 1.4.* le 1.4.2p7; ge 1.5.* le 1.5.0p1_1
linux-ibm-jdk: le 1.4.2_1
linux-sun-jdk: le 1.4.2.08_1; eq 1.5.0b1; eq 1.5.0b1,1; ge 1.5.0,2 le 1.5.0.02,2
linux-blackdown-jdk: le 1.4.2_2
diablo-jdk: le 1.3.1.0_1
diablo-jdk-freebsd6: le i386.1.5.0.07.00
linux-jdk: ge 0

CVE-2005-1080
http://marc.theaimsgroup.com/?l=bugtraq&m=111331593310508
http://www.securiteam.com/securitynews/5IP0C0AFGW.html
http://secunia.com/advisories/14902/

ac619d06-3ef8-11d9-8741-c942c075aa41    jdk/jre -- Security Vulnerability With Java Plugin

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code.


Discovery 2004-11-24
Entry 2004-11-25
Modified 2005-04-27
jdk: ge 1.4.0 le 1.4.2p6_6; ge 1.3.0 le 1.3.1p9_5
linux-jdk, linux-sun-jdk: ge 1.4.0 le 1.4.2.05; ge 1.3.0 le 1.3.1.13
linux-blackdown-jdk: ge 1.3.0 le 1.4.2
linux-ibm-jdk: ge 1.3.0 le 1.4.2
diablo-jdk, diablo-jre: ge 1.3.1.0 le 1.3.1.0_1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1&searchclause=%22category:security%22%20%22availability,%20security%22
http://www.securityfocus.com/archive/1/382072
CVE-2004-1029
http://marc.theaimsgroup.com/?l=bugtraq&m=110125046627909

c93e4d41-75c5-11dc-b903-0016179b2dd5    jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented

SUN reports:

A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.


Discovery 2007-10-03
Entry 2007-10-08
Modified 2007-11-16
jdk: ge 1.3.0 lt 1.6.0.3p3; ge 1.5.0,1 lt 1.5.0.13p7,1
linux-blackdown-jdk: ge 1.3.0
linux-sun-jdk: ge 1.3.0 lt 1.3.1.20; ge 1.4.0 lt 1.4.2.16; eq 1.5.0.b1; eq 1.5.0.b1,1; ge 1.5.0,2 lt 1.5.0.13,2; ge 1.6.0 lt 1.6.0.03

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
CVE-2007-5232

d5e0317e-5e45-11e2-a113-c48508086173    java 7.x -- security manager bypass

US CERT reports:

Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document states, "If there is a security manager already installed, this method first calls the security manager's checkPermission method with a RuntimePermission("setSecurityManager") permission to ensure it's safe to replace the existing security manager. This may result in throwing a SecurityException".

By leveraging the vulnerability in the Java Management Extensions (JMX) MBean components, unprivileged Java code can access restricted classes. By using that vulnerability in conjunction with a second vulnerability involving the Reflection API and the invokeWithArguments method of the MethodHandle class, an untrusted Java applet can escalate its privileges by calling the setSecurityManager() function to allow full privileges, without requiring code signing. Oracle Java 7 update 10 and earlier Java 7 versions are affected. The invokeWithArguments method was introduced with Java 7, so therefore Java 6 is not affected.

This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.

Esteban Guillardoy from Immunity Inc. additionally clarifies on the recursive reflection exploitation technique:

The real issue is in the native sun.reflect.Reflection.getCallerClass method.

We can see the following information in the Reflection source code:

Returns the class of the method realFramesToSkip frames up the stack (zero-based), ignoring frames associated with java.lang.reflect.Method.invoke() and its implementation.

So what is happening here is that they forgot to skip the frames related to the new Reflection API and only the old reflection API is taken into account.

This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager.

For users who are running native Web browsers with enabled Java plugin, the workaround is to remove the java/icedtea-web port and restart all browser instances.

For users who are running Linux Web browser flavors, the workaround is either to disable the Java plugin in browser or to upgrade linux-sun-* packages to the non-vulnerable version.

It is not recommended to run untrusted applets using appletviewer, since this may lead to the execution of malicious code on vulnerable versions of JDK/JRE.


Discovery 2013-01-10
Entry 2013-01-14
openjdk7: gt 0
linux-sun-jdk: ge 7.0 lt 7.11
linux-sun-jre: ge 7.0 lt 7.11

CVE-2013-0433
625617
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf