PT-2009-4356 · Red Hat+2 · Fedora+4
Marc Schoenefeld
·
Published
2009-08-10
·
Updated
2009-08-26
·
CVE-2009-1896
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
OpenJDK versions prior to 1.6.0.0-20.b16.fc10 on Fedora 10
OpenJDK versions prior to 1.6.0.0-27.b16.fc11 on Fedora 11
Description:
The Java Web Start framework in IcedTea in OpenJDK has an issue where it trusts an entire application when at least one of the listed jar files is trusted. This allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
Recommendations:
For OpenJDK versions prior to 1.6.0.0-20.b16.fc10 on Fedora 10, update to version 1.6.0.0-20.b16.fc10 or later.
For OpenJDK versions prior to 1.6.0.0-27.b16.fc11 on Fedora 11, update to version 1.6.0.0-27.b16.fc11 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fedora
Icedtea
Java Web Start
Netx
Openjdk