National Cyber Awareness System

Vulnerability Summary for CVE-2010-0840

Overview

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Description

Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html 'Affected product releases and versions: • Java SE: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux • JDK 5.0 Update 23 and earlier for Solaris • SDK 1.4.2_25 and earlier for Solaris • Java for Business: • JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux'

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MISC

Name: http://www.zerodayinitiative.com/advisories/ZDI-10-056

Hyperlink:http://www.zerodayinitiative.com/advisories/ZDI-10-056

External Source: VUPEN

Name: ADV-2010-1793

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1793

External Source: VUPEN

Name: ADV-2010-1523

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1523

External Source: VUPEN

Name: ADV-2010-1454

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1454

External Source: VUPEN

Name: ADV-2010-1191

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1191

External Source: VUPEN

Name: ADV-2010-1107

Hyperlink:http://www.vupen.com/english/advisories/2010/1107

External Source: CONFIRM

Name: http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Hyperlink:http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

External Source: CONFIRM

Name: http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Hyperlink:http://www.vmware.com/security/advisories/VMSA-2011-0003.html

External Source: BID

Name: 39065

Hyperlink:http://www.securityfocus.com/bid/39065

External Source: BUGTRAQ

Name: 20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/516397/100/0/threaded

External Source: BUGTRAQ

Name: 20100405 ZDI-10-056: Sun Java Runtime Environment Trusted Methods Chaining Remote Code Execution Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/510528/100/0/threaded

External Source: REDHAT

Name: RHSA-2010:0489

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0489.html

External Source: REDHAT

Name: RHSA-2010:0471

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0471.html

External Source: REDHAT

Name: RHSA-2010:0383

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0383.html

External Source: REDHAT

Name: RHSA-2010:0339

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0339.html

External Source: REDHAT

Name: RHSA-2010:0338

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0338.html

External Source: REDHAT

Name: RHSA-2010:0337

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0337.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/javacpumar2010-083341.html

External Source: CONFIRM

Name: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

Hyperlink:http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

External Source: MANDRIVA

Name: MDVSA-2010:084

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:084

External Source: UBUNTU

Name: USN-923-1

Hyperlink:http://ubuntu.com/usn/usn-923-1

External Source: CONFIRM

Name: http://support.apple.com/kb/HT4171

Hyperlink:http://support.apple.com/kb/HT4171

External Source: CONFIRM

Name: http://support.apple.com/kb/HT4170

Hyperlink:http://support.apple.com/kb/HT4170

External Source: SECUNIA

Name: 43308

Type: Advisory

Hyperlink:http://secunia.com/advisories/43308

External Source: SECUNIA

Name: 40545

Type: Advisory

Hyperlink:http://secunia.com/advisories/40545

External Source: SECUNIA

Name: 40211

Type: Advisory

Hyperlink:http://secunia.com/advisories/40211

External Source: SECUNIA

Name: 39819

Type: Advisory

Hyperlink:http://secunia.com/advisories/39819

External Source: SECUNIA

Name: 39659

Type: Advisory

Hyperlink:http://secunia.com/advisories/39659

External Source: SECUNIA

Name: 39317

Type: Advisory

Hyperlink:http://secunia.com/advisories/39317

External Source: SECUNIA

Name: 39292

Type: Advisory

Hyperlink:http://secunia.com/advisories/39292

External Source: OVAL

Name: oval:org.mitre.oval:def:9974

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9974

External Source: OVAL

Name: oval:org.mitre.oval:def:13971

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:13971

External Source: SUSE

Name: SUSE-SR:2010:017

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

External Source: SUSE

Name: SUSE-SR:2010:011

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

External Source: SUSE

Name: SUSE-SR:2010:008

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html

External Source: APPLE

Name: APPLE-SA-2010-05-18-2

Hyperlink:http://lists.apple.com/archives/security-announce/2010//May/msg00002.html

External Source: APPLE

Name: APPLE-SA-2010-05-18-1

Hyperlink:http://lists.apple.com/archives/security-announce/2010//May/msg00001.html

External Source: HP

Name: SSRT100179

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

External Source: HP

Name: SSRT100179

Hyperlink:http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

References to Check Content

Identifier:oval:org.mitre.oval:def:9974

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9974

Identifier:oval:org.mitre.oval:def:13971

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:13971