PT-2006-3387 · Sun+1 · Sun Jdk+3
Marc Schoenefeld · Published 2006-05-17 · Updated 2018-10-18 · CVE-2006-2426
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Sun Java Runtime Environment (JRE) versions 1.5.0 6 and earlier
Sun JDK versions 1.5.0 6 and earlier
Sun SDK versions 1.5.0 6 and earlier
Description
The issue allows remote attackers to cause a denial of service by consuming disk space. This is achieved by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
Recommendations
For Sun Java Runtime Environment (JRE) versions 1.5.0 6 and earlier, consider restricting access to the Font.createFont function until a patch is available.
For Sun JDK versions 1.5.0 6 and earlier, restrict the ability to create temporary files in the %temp% directory to minimize the risk of exploitation.
For Sun SDK versions 1.5.0 6 and earlier, limit the size of temporary files that can be created using the Font.createFont function to prevent disk consumption.
Exploit
Fix
Related Identifiers
Affected Products
Red Hat
Sun Jdk
Sun Java Runtime Environment
Sun Sdk