PT-2006-3387 · Sun+1 · Sun Jdk+3
Marc Schoenefeld · Published 2006-05-17 · Updated 2018-10-18 · CVE-2006-2426
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Sun Java Runtime Environment (JRE) versions 1.5.0 6 and earlier
Sun JDK versions 1.5.0 6 and earlier
Sun SDK versions 1.5.0 6 and earlier
Description
The issue allows remote attackers to cause a denial of service by consuming disk space. This is achieved by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
Recommendations
For Sun Java Runtime Environment (JRE) versions 1.5.0 6 and earlier, consider restricting access to the Font.createFont function until a patch is available.
For Sun JDK versions 1.5.0 6 and earlier, restrict the ability to create temporary files in the %temp% directory to minimize the risk of exploitation.
For Sun SDK versions 1.5.0 6 and earlier, limit the size of temporary files that can be created using the Font.createFont function to prevent disk consumption.
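One way to apply the size-limit recommendation in application code that hands externally supplied font data to Font.createFont is to cap the stream before the runtime sees it. This is an added example, not code from the advisory or from Sun; the names BoundedFontLoader, CappedInputStream and MAX_FONT_BYTES and the 8 MiB cap are assumptions chosen for illustration.

```java
import java.awt.Font;
import java.awt.FontFormatException;
import java.io.ByteArrayInputStream;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;

public class BoundedFontLoader {
    // Assumed cap for illustration; set it to the largest font you legitimately expect.
    static final long MAX_FONT_BYTES = 8L * 1024 * 1024;

    /** Stream wrapper that fails once more than the given limit has been read. */
    static final class CappedInputStream extends FilterInputStream {
        private long remaining;
        CappedInputStream(InputStream in, long limit) { super(in); remaining = limit; }

        @Override public int read() throws IOException {
            int b = super.read();
            if (b >= 0) consume(1);
            return b;
        }

        @Override public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            if (n > 0) consume(n);
            return n;
        }

        private void consume(long n) throws IOException {
            remaining -= n;
            if (remaining < 0) throw new IOException("font data exceeds size cap");
        }
    }

    /** The runtime spools the stream to a temporary file, so capping the stream caps that file. */
    static Font load(InputStream untrusted) throws IOException, FontFormatException {
        return Font.createFont(Font.TRUETYPE_FONT, new CappedInputStream(untrusted, MAX_FONT_BYTES));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: 16 MiB of zeros standing in for an oversized "font".
        try {
            load(new ByteArrayInputStream(new byte[16 * 1024 * 1024]));
        } catch (IOException | FontFormatException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The wrapper only bounds callers that go through load(); code that can call Font.createFont directly still needs the access restriction described in the first recommendation.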
Related identifiers
Affected products
Red Hat
Sun Jdk
Sun Java Runtime Environment
Sun Sdk