Vulnerability Name:

CVE-2006-2426 (CCN-26493)

Assigned: 2006-05-14
Published: 2006-05-14
Updated: 2018-10-18
Summary: Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: CCN
Type: BugTraq Mailing List, Sat May 13 2006 - 20:57:51 CDT
JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

Source: MITRE
Type: CNA
CVE-2006-2426

Source: CCN
Type: RHSA-2009-0377
Important: java-1.6.0-openjdk security update

Source: CCN
Type: RHSA-2009-0392
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2009-0394
Critical: java-1.5.0-sun security update

Source: CCN
Type: RHSA-2009-1662
Low: Red Hat Network Satellite Server Sun Java Runtime security update

Source: CCN
Type: SA20132
Sun Java JRE Large Temporary File Creation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
20132

Source: SECUNIA
Type: UNKNOWN
20457

Source: SECUNIA
Type: UNKNOWN
34489

Source: SECUNIA
Type: UNKNOWN
34495

Source: SECUNIA
Type: UNKNOWN
34496

Source: SECUNIA
Type: UNKNOWN
34632

Source: SECUNIA
Type: UNKNOWN
34675

Source: SREASON
Type: UNKNOWN
909

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm

Source: CCN
Type: ASA-2009-108
java-1.6.0-sun security update (RHSA-2009-0392)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm

Source: CCN
Type: ASA-2009-109
java-1.5.0-sun security update (RHSA-2009-0394)

Source: DEBIAN
Type: UNKNOWN
DSA-1769

Source: DEBIAN
Type: DSA-1769
openjdk-6 -- several vulnerabilities

Source: MISC
Type: Exploit
http://www.illegalaccess.org/exploit/FullDiskApplet.html

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:137

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:162

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:012

Source: OSVDB
Type: UNKNOWN
25561

Source: CCN
Type: OSVDB ID: 25561
Sun Java JRE Font.createFont() Method Disk Space Saturation DoS

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0392

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0394

Source: BUGTRAQ
Type: UNKNOWN
20060514 JDK 1.4.2_11, 1.5.0_06, unsigned applets consuming all free harddisk space

Source: BID
Type: UNKNOWN
17981

Source: CCN
Type: BID-17981
Sun Java Applet Font.createFont Remote Denial Of Service Vulnerability

Source: CCN
Type: USN-748-1
OpenJDK vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-748-1

Source: VUPEN
Type: UNKNOWN
ADV-2006-1824

Source: XF
Type: UNKNOWN
sun-java-fontcreatefont-dos(26493)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10609

Source: REDHAT
Type: UNKNOWN
RHSA-2009:0377

Source: SUSE
Type: SUSE-SR:2006:012
SUSE Security Summary Report

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.5.0_6:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:sun:jre:1.4.2:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update1:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update2:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update3:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update4:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.4.2:update5:linux:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update1:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update2:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update4:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update5:*:*:*:*:*:*
  • OR cpe:/a:sun:jre:1.5.0:update6:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_03:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_08:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_09:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_04:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_02:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_05:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_06:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_07:*:*:*:*:*:*:*
  • OR cpe:/a:sun:sdk:1.4.2_01:*:*:*:*:*:*:*
  • AND
  • cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:20062426 | V | CVE-2006-2426 | 2015-11-16 |
| oval:org.mitre.oval:def:29277 | P | RHSA-2009:0377 -- java-1.6.0-openjdk security update (Important) | 2015-08-17 |
| oval:org.mitre.oval:def:22718 | P | ELSA-2009:0377: java-1.6.0-openjdk security update (Important) | 2014-07-21 |
| oval:org.mitre.oval:def:13310 | P | USN-748-1 -- openjdk-6 vulnerabilities | 2014-06-30 |
| oval:org.mitre.oval:def:13469 | P | DSA-1769-1 openjdk-6 -- several | 2014-06-23 |
| oval:org.mitre.oval:def:8037 | P | DSA-1769 openjdk-6 -- several vulnerabilities | 2014-06-23 |
| oval:org.mitre.oval:def:21833 | P | ELSA-2009:0392: java-1.6.0-sun security update (Critical) | 2014-05-26 |
| oval:org.mitre.oval:def:22708 | P | ELSA-2009:0394: java-1.5.0-sun security update (Critical) | 2014-05-26 |
| oval:org.mitre.oval:def:10609 | V | Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | 2013-04-29 |
| oval:org.debian:def:1769 | V | several vulnerabilities | 2009-04-11 |
| oval:com.redhat.rhsa:def:20090377 | P | RHSA-2009:0377: java-1.6.0-openjdk security update (Important) | 2009-04-07 |
| oval:com.redhat.rhsa:def:20090392 | P | RHSA-2009:0392: java-1.6.0-sun security update (Critical) | 2009-03-26 |
| oval:com.redhat.rhsa:def:20090394 | P | RHSA-2009:0394: java-1.5.0-sun security update (Critical) | 2009-03-26 |
    sun jdk 1.5.0 update6
    sun jre 1.5.0 update6
    sun sdk 1.5.0_6
    sun jre 1.4.2
    sun jre 1.5.0
    sun sdk 1.4.2
    sun jre 1.5.0 update3
    sun sdk 1.4.2_11
    sun jdk 1.5.0
    sun jdk 1.5.0 update1
    sun jdk 1.5.0 update2
    sun jdk 1.5.0 update3
    sun jdk 1.5.0 update4
    sun jdk 1.5.0 update5
    sun jdk 1.5.0 update6
    sun jre 1.4.2 update1
    sun jre 1.4.2 update2
    sun jre 1.4.2 update3
    sun jre 1.4.2 update4
    sun jre 1.4.2 update5
    sun jre 1.5.0 update1
    sun jre 1.5.0 update2
    sun jre 1.5.0 update4
    sun jre 1.5.0 update5
    sun jre 1.5.0 update6
    sun sdk 1.4.2_03
    sun sdk 1.4.2_08
    sun sdk 1.4.2_09
    sun sdk 1.4.2_10
    sun sdk 1.4.2_04
    sun sdk 1.4.2_02
    sun sdk 1.4.2_05
    sun sdk 1.4.2_06
    sun sdk 1.4.2_07
    sun sdk 1.4.2_01
    redhat rhel extras 4
    redhat enterprise linux 5
    redhat enterprise linux 5
    debian debian linux 5.0