Vulnerability CVE-2009-3866

Vulnerability Name:

CVE-2009-3866 (CCN-54125)

Assigned:

2009-11-03

Published:

2009-11-03

Updated:

2017-09-19

Summary:

The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2009-3866

Source: CONFIRM
Type: Vendor Advisory
http://java.sun.com/javase/6/webnotes/6u17.html

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-12-03-1

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-12-03-2

Source: SUSE
Type: UNKNOWN
SUSE-SA:2009:058

Source: CCN
Type: VMware Security Announcements Mailing list, Fri Jan 29 22:55:19 PST 2010
VMSA-2010-0002 VMware vCenter update release addresses multiple security issues in Java JRE

Source: HP
Type: UNKNOWN
HPSBMU02799

Source: CCN
Type: RHSA-2009-1560
Critical: java-1.6.0-sun security update

Source: CCN
Type: RHSA-2009-1694
Critical: java-1.6.0-ibm security update

Source: CCN
Type: RHSA-2010-0043
Low: Red Hat Network Satellite Server IBM Java Runtime security update

Source: CCN
Type: SA37231
Sun Java JDK / JRE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
37231

Source: SECUNIA
Type: UNKNOWN
37239

Source: SECUNIA
Type: UNKNOWN
37386

Source: SECUNIA
Type: UNKNOWN
37581

Source: CCN
Type: SA37613
IBM Java Denial of Service Vulnerabilities

Source: CCN
Type: SA37625
IBM Java 6 Denial of Service Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
37841

Source: CCN
Type: SA38384
VMware VirtualCenter JRE Multiple Vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200911-02

Source: CCN
Type: Sun Alert ID: 269870
Security Vulnerability in the Java Web Start Installer May be Leveraged to Allow Untrusted Java Web Start Application to Run As Trusted Application

Source: SUNALERT
Type: Patch, Vendor Advisory
269870

Source: CCN
Type: Apple Web site
About the security content of Java for Mac OS X 10.6 Update 1

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3969

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3970

Source: CCN
Type: IBM Security Alerts
Sun's latest Java security alerts

Source: CCN
Type: OSVDB ID: 59716
Sun Java JDK / JRE Web Start Crafted Installer Extension JNLP Handling Trusted Code Execution

Source: REDHAT
Type: UNKNOWN
RHSA-2009:1694

Source: BID
Type: UNKNOWN
36881

Source: CCN
Type: BID-36881
Sun Java SE November 2009 Multiple Security Vulnerabilities

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2009-3131

Source: MISC
Type: Patch
http://zerodayinitiative.com/advisories/ZDI-09-077/

Source: XF
Type: UNKNOWN
sun-jws-installer-code-execution(54125)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6635

Source: SUSE
Type: SUSE-SA:2009:058
Sun Java 6 security update

Source: SUSE
Type: SUSE-SA:2010:004
IBM Java 6 security update

Source: CCN
Type: ZDI-09-077
Sun Java Web Start Arbitrary Command Execution Vulnerability

Vulnerable Configuration:

Configuration 1:

cpe:/a:sun:jdk:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_7:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_8:*:*:*:*:*:*

OR cpe:/a:sun:jdk:1.6.0:update_9:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_1:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_10:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_11:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_12:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_13:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_14:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_15:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_16:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_2:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_3:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_4:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_5:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_6:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_7:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_8:*:*:*:*:*:*

OR cpe:/a:sun:jre:1.6.0:update_9:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:sun:jre:6:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:java:5.0.0.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/a:redhat:rhel_extras:4:*:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_server:2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.5.8:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*

OR cpe:/o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*

OR cpe:/a:vmware:virtualcenter:2.0:unknown:client:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20093866	V	CVE-2009-3866	2022-05-20
oval:org.mitre.oval:def:22949	P	ELSA-2009:1560: java-1.6.0-sun security update (Critical)	2014-05-26
oval:org.mitre.oval:def:22907	P	ELSA-2009:1694: java-1.6.0-ibm security update (Critical)	2014-05-26
oval:org.mitre.oval:def:6635	V	Sun Java Privilege Escalation in the Java Web Start Installer	2014-01-20
oval:com.redhat.rhsa:def:20091694	P	RHSA-2009:1694: java-1.6.0-ibm security update (Critical)	2009-12-23
oval:com.redhat.rhsa:def:20091560	P	RHSA-2009:1560: java-1.6.0-sun security update (Critical)	2009-11-09

BACK