National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-6731)

National Cyber-Alert System

Vulnerability Summary for CVE-2006-6731

Original release date:12/26/2006

Last revised:11/20/2009

Source: US-CERT/NIST

Overview

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:9.3 (HIGH) (AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)

Impact Subscore: 10.0

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type:Provides administrator access, Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#939609

Name: VU#939609

Hyperlink:http://www.kb.cert.org/vuls/id/939609

US-CERT Vulnerability Note: VU#149457

Name: VU#149457

Hyperlink:http://www.kb.cert.org/vuls/id/149457

US-CERT Technical Alert: TA07-022A

Name: TA07-022A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA07-022A.html

External Source: BID

Name: 21675

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/21675

External Source: VUPEN

Name: ADV-2006-5073

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/5073

External Source: SUNALERT

Name: 102729

Type: Patch Information

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1

External Source: SECTRACK

Name: 1017425

Hyperlink:http://securitytracker.com/id?1017425

External Source: SECUNIA

Name: 23650

Type: Advisory

Hyperlink:http://secunia.com/advisories/23650

External Source: SECUNIA

Name: 23445

Type: Advisory

Hyperlink:http://secunia.com/advisories/23445

External Source: MISC

Name: http://scary.beasts.org/security/CESA-2005-008.txt

Hyperlink:http://scary.beasts.org/security/CESA-2005-008.txt

External Source: SUSE

Name: SUSE-SA:2007:003

Type: Advisory

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-Jan/0003.html

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: REDHAT

Name: RHSA-2007:0073

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0073.html

External Source: REDHAT

Name: RHSA-2007:0072

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0072.html

External Source: REDHAT

Name: RHSA-2007:0062

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0062.html

External Source: SUSE

Name: SUSE-SA:2007:010

Hyperlink:http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html

External Source: GENTOO

Name: GLSA-200705-20

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200705-20.xml

External Source: VUPEN

Name: ADV-2007-4224

Hyperlink:http://www.frsirt.com/english/advisories/2007/4224

External Source: VUPEN

Name: ADV-2007-1814

Hyperlink:http://www.frsirt.com/english/advisories/2007/1814

External Source: VUPEN

Name: ADV-2007-0936

Hyperlink:http://www.frsirt.com/english/advisories/2007/0936

External Source: GENTOO

Name: GLSA-200702-08

Hyperlink:http://security.gentoo.org/glsa/glsa-200702-08.xml

External Source: GENTOO

Name: GLSA-200701-15

Hyperlink:http://security.gentoo.org/glsa/glsa-200701-15.xml

External Source: SECUNIA

Name: 28115

Hyperlink:http://secunia.com/advisories/28115

External Source: SECUNIA

Name: 25404

Hyperlink:http://secunia.com/advisories/25404

External Source: SECUNIA

Name: 25283

Hyperlink:http://secunia.com/advisories/25283

External Source: SECUNIA

Name: 24468

Hyperlink:http://secunia.com/advisories/24468

External Source: SECUNIA

Name: 24189

Hyperlink:http://secunia.com/advisories/24189

External Source: SECUNIA

Name: 24099

Hyperlink:http://secunia.com/advisories/24099

External Source: SECUNIA

Name: 23835

Hyperlink:http://secunia.com/advisories/23835

External Source: APPLE

Name: APPLE-SA-2007-12-14

Hyperlink:http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html

External Source: HP

Name: SSRT071318

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00876579

External Source: MISC

Name: http://docs.info.apple.com/article.html?artnum=307177

Hyperlink:http://docs.info.apple.com/article.html?artnum=307177

External Source: BEA

Name: BEA07-174.00

Hyperlink:http://dev2dev.bea.com/pub/advisory/243

Vulnerable software and versions

Configuration 1

* cpe:/a:sun:jdk:1.5.0:update7 and previous versions

* cpe:/a:sun:jre:1.3.1:update18 and previous versions

* cpe:/a:sun:jre:1.4.2:update12 and previous versions

* cpe:/a:sun:jre:1.5.0:update7 and previous versions

* cpe:/a:sun:sdk:1.3.1_18 and previous versions

* cpe:/a:sun:sdk:1.4.2_12 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731