Oracle Java SE and Java for Business Unspecified Vulnerabilities

Bugtraq ID:	39492
Class:	Unknown
CVE:	CVE-2010-0886 CVE-2010-0887
Remote:	Yes
Local:	No
Published:	Apr 15 2010 12:00AM
Updated:	Apr 26 2011 04:03PM
Credit:	The vendor.
Vulnerable:	VMWare vCenter 4.1 VMWare ESX Server 4.1 ESX410-201011402 VMWare ESX Server 4.1 VMWare ESX 4.1 Sun JRE (Windows Production Release) 1.6 _13 Sun JRE (Windows Production Release) 1.6 _12 Sun JRE (Windows Production Release) 1.6 _10 Sun JRE (Windows Production Release) 1.6.0_19 Sun JRE (Windows Production Release) 1.6.0_18 Sun JRE (Windows Production Release) 1.6.0_15 Sun JRE (Windows Production Release) 1.6.0_14 Sun JRE (Windows Production Release) 1.6.0_11 Sun JRE (Linux Production Release) 1.6 _13 Sun JRE (Linux Production Release) 1.6 _12 Sun JRE (Linux Production Release) 1.6 _10 Sun JRE (Linux Production Release) 1.6.0_19 Sun JRE (Linux Production Release) 1.6.0_18 Sun JRE (Linux Production Release) 1.6.0_15 Sun JRE (Linux Production Release) 1.6.0_14 Sun JRE (Linux Production Release) 1.6.0_11 Sun JDK (Windows Production Release) 1.6 _17 Sun JDK (Windows Production Release) 1.6 _14 Sun JDK (Windows Production Release) 1.6 _13 Sun JDK (Windows Production Release) 1.6 _11 Sun JDK (Windows Production Release) 1.6 _10 Sun JDK (Windows Production Release) 1.6 _07 Sun JDK (Windows Production Release) 1.6 _06 Sun JDK (Windows Production Release) 1.6 _05 Sun JDK (Windows Production Release) 1.6 _04 Sun JDK (Windows Production Release) 1.6 Sun JDK (Windows Production Release) 1.6.0_19 Sun JDK (Windows Production Release) 1.6.0_18 Sun JDK (Windows Production Release) 1.6.0_15 Sun JDK (Windows Production Release) 1.6.0_03 Sun JDK (Windows Production Release) 1.6.0_02 Sun JDK (Windows Production Release) 1.6.0_01-b06 Sun JDK (Windows Production Release) 1.6.0_01 Sun JDK (Solaris Production Release) 1.6 _17 Sun JDK (Solaris Production Release) 1.6 _14 Sun JDK (Solaris Production Release) 1.6 _13 Sun JDK (Solaris Production Release) 1.6 _11 Sun JDK (Solaris Production Release) 1.6 _10 Sun JDK (Solaris Production Release) 1.6 _07 Sun JDK (Solaris Production Release) 1.6 _06 Sun JDK (Solaris Production Release) 1.6 _05 Sun JDK (Solaris Production Release) 1.6 _04 Sun JDK (Solaris Production Release) 1.6 _01-b06 Sun JDK (Solaris Production Release) 1.6 Sun JDK (Solaris Production Release) 1.6.0_19 Sun JDK (Solaris Production Release) 1.6.0_18 Sun JDK (Solaris Production Release) 1.6.0_15 Sun JDK (Solaris Production Release) 1.6.0_03 Sun JDK (Solaris Production Release) 1.6.0_02 Sun JDK (Solaris Production Release) 1.6.0_01 Sun JDK (Linux Production Release) 1.6 _17 Sun JDK (Linux Production Release) 1.6 _14 Sun JDK (Linux Production Release) 1.6 _13 Sun JDK (Linux Production Release) 1.6 _11 Sun JDK (Linux Production Release) 1.6 _10 Sun JDK (Linux Production Release) 1.6 _07 Sun JDK (Linux Production Release) 1.6 _06 Sun JDK (Linux Production Release) 1.6 _05 Sun JDK (Linux Production Release) 1.6 _04 Sun JDK (Linux Production Release) 1.6 _01-b06 Sun JDK (Linux Production Release) 1.6 _01 Sun JDK (Linux Production Release) 1.6 Sun JDK (Linux Production Release) 1.6.0_19 Sun JDK (Linux Production Release) 1.6.0_18 Sun JDK (Linux Production Release) 1.6.0_15 Sun JDK (Linux Production Release) 1.6.0_03 Sun JDK (Linux Production Release) 1.6.0_02 RedHat Enterprise Linux WS Extras 4 RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux ES Extras 4 RedHat Enterprise Linux AS Extras 4 RedHat Desktop Extras 4 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Desktop Supplementary 5 client Gentoo Linux Apple Mac OS X Server 10.6.3 Apple Mac OS X Server 10.6.2 Apple Mac OS X Server 10.6.1 Apple Mac OS X Server 10.5.8 Apple Mac OS X Server 10.5.7 Apple Mac OS X Server 10.5.6 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.6 Apple Mac OS X Server 10.5 Apple Mac OS X 10.6.3 Apple Mac OS X 10.6.2 Apple Mac OS X 10.6.1 Apple Mac OS X 10.5.8 Apple Mac OS X 10.5.7 Apple Mac OS X 10.5.6 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.6 Apple Mac OS X 10.5
Not Vulnerable:	VMWare vCenter 4.1 Update 1 VMWare ESX Server 4.1 ESX410-201101201 Sun JRE (Windows Production Release) 1.6.0_20 Sun JRE (Linux Production Release) 1.6.0_20 Sun JDK (Windows Production Release) 1.6.0_20 Sun JDK (Solaris Production Release) 1.6.0_20 Sun JDK (Linux Production Release) 1.6.0_20 IBM Java SE 6 SR8 FP1

Oracle Java SE and Java for Business Unspecified Vulnerabilities

Oracle Java SE and Java for Business are prone to multiple unspecified vulnerabilities.

Successful attacks may allow attackers to gain unauthorized access to a computer in the context of the user running the affected application.

The issues affect Java Runtime Environment versions prior to 1.6.0_20 (JRE 6 Update 20).

These issues may be related to the vulnerability described in BID 39346 (Oracle JRE Java Platform SE and Java Deployment Toolkit Plugins Code Execution Vulnerabilities). This BID will be updated when more information becomes available.

Oracle Java SE and Java for Business Unspecified Vulnerabilities

This issue is being exploited in the wild as part of the BlackHole exploit kit.

Oracle Java SE and Java for Business Unspecified Vulnerabilities

Solution:
Updates are available. Please see the references for more information.


Apple Mac OS X 10.6.3

• Apple JavaForMacOSX10.6Update2.dmg
  http://www.apple.com/support/downloads/

Oracle Java SE and Java for Business Unspecified Vulnerabilities

References:

• BlackHole Exploit Kit (Alen Puzic)
  
• Security Alert for CVE-2010-0886 and CVE-2010-0887 Released (Oracle)
  
• Sun Java Homepage (Sun Microsystems)
  
• Sun's latest Java security alerts (IBM)
  
• Changes in 1.6.0_20 (6u20) (Sun)
  
• Microsoft Security Bulletin MS11-027 (Microsoft)
  
• Oracle Security Alert CVE-2010-0886 (Oracle)