Upstream information

CVE-2005-3906 at MITRE

Description

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 135835 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE LINUX 10.0
  • java-1_5_0-sun >= 1.5.0_06-1.1
  • java-1_5_0-sun-alsa >= 1.5.0_06-1.1
  • java-1_5_0-sun-demo >= 1.5.0_06-1.1
  • java-1_5_0-sun-devel >= 1.5.0_06-1.1
  • java-1_5_0-sun-jdbc >= 1.5.0_06-1.1
  • java-1_5_0-sun-plugin >= 1.5.0_06-1.1
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • IBMJava2-JRE >= 1.3.1-229
  • IBMJava2-SDK >= 1.3.1-229
ul1.x86
ul1.ppc
core9.s390
ul1.x86-64
core9.ia64
core9.x86
core9.ppc
YOU Patch Nr: 10936
Open Enterprise Server
  • IBMJava2-JRE >= 1.4.2-0.68
  • IBMJava2-SDK >= 1.4.2-0.68
ul1.x86
ul1.ppc
core9.s390
ul1.x86-64
core9.ia64
core9.x86
core9.ppc
YOU Patch Nr: 10936
SUSE LINUX 9.3
  • java-1_5_0-sun >= 1.5.0_06-1.1
  • java-1_5_0-sun-alsa >= 1.5.0_06-1.1
  • java-1_5_0-sun-demo >= 1.5.0_06-1.1
  • java-1_5_0-sun-devel >= 1.5.0_06-1.1
  • java-1_5_0-sun-jdbc >= 1.5.0_06-1.1
  • java-1_5_0-sun-plugin >= 1.5.0_06-1.1
  • java-1_5_0-sun-src >= 1.5.0_06-1.1
SuSE Linux Desktop 1.0
  • java2 >= 1.4.2-147
  • java2-jre >= 1.4.2-147
sles9-oes.x86
suse91.ia64
ul1.x86-64
slox4,2.x86
core9.x86-64
YOU Patch Nr: 10809
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • java2 >= 1.3.1-690
  • java2-jre >= 1.3.1-690
sles9-oes.x86
suse91.ia64
ul1.x86-64
slox4,2.x86
core9.x86-64
YOU Patch Nr: 10809
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • java2 >= 1.4.2-129.19
  • java2-jre >= 1.4.2-129.19
sles9-oes.x86
suse91.ia64
ul1.x86-64
slox4,2.x86
core9.x86-64
YOU Patch Nr: 10809
SUSE LINUX 10.0
SUSE LINUX 9.2
SUSE LINUX 9.3
  • java-1_4_2-sun >= 1.4.2.10-2.1
  • java-1_4_2-sun-alsa >= 1.4.2.10-2.1
  • java-1_4_2-sun-demo >= 1.4.2.10-2.1
  • java-1_4_2-sun-devel >= 1.4.2.10-2.1
  • java-1_4_2-sun-jdbc >= 1.4.2.10-2.1
  • java-1_4_2-sun-plugin >= 1.4.2.10-2.1
SUSE LINUX 10.0
SUSE LINUX 9.2
SUSE LINUX 9.3
  • java-1_4_2-sun >= 1.4.2.10-2.2
  • java-1_4_2-sun-alsa >= 1.4.2.10-2.2
  • java-1_4_2-sun-demo >= 1.4.2.10-2.2
  • java-1_4_2-sun-devel >= 1.4.2.10-2.2
  • java-1_4_2-sun-jdbc >= 1.4.2.10-2.2
  • java-1_4_2-sun-plugin >= 1.4.2.10-2.2
  • java-1_4_2-sun-src >= 1.4.2.10-2.2