PT-2018-2769 · Eclipse+3 · Eclipse Openj9+3
Jeff Dileo · Published 2018-05-11 · Updated 2019-10-09 · CVE-2018-12539
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eclipse OpenJ9 version 0.8

Description
The issue lies in the Java Attach API, which is enabled by default on Windows, Linux, and AIX JVMs. Local users other than the process owner can connect to an Eclipse OpenJ9 or IBM JVM running on the same machine and execute untrusted native code through Attach API operations. The vulnerability may also be related to the recovery of an invalid data structure in memory, which could potentially allow an attacker to execute arbitrary code. A local attacker could exploit this to gain elevated privileges on the system.

Recommendations
For Eclipse OpenJ9 version 0.8, consider disabling the Java Attach API with the command line option -Dcom.ibm.tools.attach.enable=no as a temporary workaround to minimize the risk of exploitation.
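As an added example (not part of the advisory and not OpenJ9 project code), the script below checks whether a JVM command line carries the workaround flag named above, and scans the running processes of a Linux host for JVMs that still have the Attach API enabled by default. It assumes a Linux /proc filesystem and that the JVM binary is invoked as `java`; the only flag it looks for is the one the advisory gives, -Dcom.ibm.tools.attach.enable=no.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether a JVM command line
# carries the workaround flag -Dcom.ibm.tools.attach.enable=no.
# Returns 0 when the Attach API is disabled, 1 when it is left enabled.
attach_api_disabled() {
  cmdline="$1"
  # Pad with spaces so the flag only matches as a whole argument.
  case " $cmdline " in
    *" -Dcom.ibm.tools.attach.enable=no "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Scan running JVMs via /proc (Linux assumption). Arguments in
# /proc/<pid>/cmdline are NUL-separated, so they are joined with spaces first.
# Processes owned by other users are only visible with sufficient privileges.
scan_running_jvms() {
  for f in /proc/[0-9]*/cmdline; do
    [ -r "$f" ] || continue
    cl=$(tr '\0' ' ' < "$f" 2>/dev/null)
    # Only look at processes whose first argument is the java launcher.
    case "$cl" in
      java\ *|*/java\ *) ;;
      *) continue ;;
    esac
    pid=${f#/proc/}; pid=${pid%/cmdline}
    if attach_api_disabled "$cl"; then
      echo "pid $pid: Attach API disabled"
    else
      echo "pid $pid: Attach API enabled (default) - consider the workaround flag"
    fi
  done
}

# Usage: sh check_attach.sh scan
if [ "${1:-}" = "scan" ]; then scan_running_jvms; fi
```

The whole-argument match matters: a JVM started with `-Dcom.ibm.tools.attach.enable=yes` or with the flag absent is reported as still exposed, which is the default state the advisory describes.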

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

BDU:2019-01762
CVE-2018-12539
RHSA-2018:2568
RHSA-2018:2569
RHSA-2018:2575
RHSA-2018:2576
RHSA-2018:2712
RHSA-2018:2713
RHSA-2018_2568
RHSA-2018_2569
RHSA-2018_2575
RHSA-2018_2576
SUSE-SU-2018:2574-1
SUSE-SU-2018:2583-1
SUSE-SU-2018:2649-1
SUSE-SU-2018:2649-2
SUSE-SU-2018:2839-1
SUSE-SU-2018:2839-2
SUSE-SU-2018:3082-1
SUSE-SU-2018_2574-1
SUSE-SU-2018_2583-1
SUSE-SU-2018_2649-1
SUSE-SU-2018_2649-2

Affected products

Eclipse OpenJ9
IBM AIX
Red Hat
SUSE