PT-2016-4170 · Ibm+2 · Ibm Sdk+3

Adam Gowdiak

·

Published

2016-04-29

·

Updated

2023-09-12

·

CVE-2016-0376

CVSS v3.1

8.1

High

VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions IBM SDK, Java Technology Edition versions 6.0.0 through 6.0.16.24 IBM SDK, Java Technology Edition 6 R1 versions 6.1.0 through 6.1.8.24 IBM SDK, Java Technology Edition 7 versions 7.0.0 through 7.0.9.39 IBM SDK, Java Technology Edition 7 R1 versions 7.1.0 through 7.1.3.39 IBM SDK, Java Technology Edition 8 versions 8.0.0 through 8.0.2.0
Description The issue allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code. This is due to the improper deserialization of classes in an AccessController doPrivileged block. The readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface, demonstrates this vulnerability. It enables code running under a security manager to escalate its privileges by modifying or removing the security manager.
Recommendations For IBM SDK, Java Technology Edition 6, update to version 6.0.16.25 or later. For IBM SDK, Java Technology Edition 6 R1, update to version 6.1.8.25 or later. For IBM SDK, Java Technology Edition 7, update to version 7.0.9.40 or later. For IBM SDK, Java Technology Edition 7 R1, update to version 7.1.3.40 or later. For IBM SDK, Java Technology Edition 8, update to version 8.0.3.0 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CVE-2016-0376
RHSA-2016:0701
RHSA-2016:0702
RHSA-2016:0708
RHSA-2016:0716
RHSA-2016:1039
RHSA-2016:1430
RHSA-2016_0701
RHSA-2016_0708
RHSA-2016_0716
RHSA-2016_1039
RHSA-2017:1216
SUSE-SU-2016:1299-1
SUSE-SU-2016:1300-1
SUSE-SU-2016:1303-1
SUSE-SU-2016:1378-1
SUSE-SU-2016:1379-1
SUSE-SU-2016:1458-1
SUSE-SU-2016:1475-1

Affected Products

Ibm Aix
Ibm Sdk
Red Hat
Suse