CVE-2013-5456

Common Vulnerabilities and Exposures


Upstream information

CVE-2013-5456 at MITRE

Description

The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 before SR6 allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code via vectors related to deserialization inside the AccessController doPrivileged block.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 9.33
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
SUSE Bugzilla entries: 849212 [RESOLVED / FIXED], 977646 [REOPENED], 981057 [RESOLVED / DUPLICATE], 981060 [RESOLVED / DUPLICATE], 981087

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1-LTSS
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.0-0.3.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Patchnames:
slessp1-java-1_6_0-ibm
SUSE Linux Enterprise Server 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.0-0.3.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-devel >= 1.7.0_sr7.0-0.5.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Patchnames:
slessp2-java-1_6_0-ibm
slessp2-java-1_7_0-ibm
SUSE Linux Enterprise Server 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.2-0.3.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Patchnames:
slessp3-java-1_6_0-ibm
slessp3-java-1_7_0-ibm
SUSE Linux Enterprise Server for VMWare 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.0-0.3.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-devel >= 1.7.0_sr7.0-0.5.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Patchnames:
slessp2-java-1_6_0-ibm
slessp2-java-1_7_0-ibm
SUSE Linux Enterprise Server for VMWare 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.2-0.3.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Patchnames:
slessp3-java-1_6_0-ibm
slessp3-java-1_7_0-ibm
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm-devel >= 1.7.0_sr6.0-0.7.1
Patchnames:
sdksp2-java-1_6_0-ibm
sdksp2-java-1_7_0-ibm
SUSE Linux Enterprise Software Development Kit 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_7_0-ibm-devel >= 1.7.0_sr6.0-0.7.1
Patchnames:
sdksp3-java-1_6_0-ibm
sdksp3-java-1_7_0-ibm
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • java-1_6_0-ibm >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.25-0.11.1
Builds
ZYPP Patch Nr: 9273
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.25-0.11.1
Builds
ZYPP Patch Nr: 9273
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr16.25-0.11.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr16.25-0.11.1
Builds
ZYPP Patch Nr: 9273
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8557
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8557
SUSE Linux Enterprise Server 11 SP1 LTSS
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8557
SUSE Linux Enterprise Server 10 SP3 LTSS for x86
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.9.9.1
Builds
ZYPP Patch Nr: 8750
SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.9.9.1
Builds
ZYPP Patch Nr: 8750
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.9.9.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr15.0-0.9.9.1
Builds
ZYPP Patch Nr: 8750
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8549
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8549
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8549
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8549
SUSE Linux Enterprise Server 11 SP2
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8549
SUSE Linux Enterprise Server 10 SP4 LTSS for x86
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.14.1
Builds
ZYPP Patch Nr: 8749
SUSE Linux Enterprise Server 10 SP4 LTSS for IBM zSeries 64bit
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.14.1
Builds
ZYPP Patch Nr: 8749
SUSE Linux Enterprise Server 10 SP4 LTSS for AMD64 and Intel EM64T
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-32bit >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-alsa-32bit >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-devel-32bit >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.14.1
  • java-1_6_0-ibm-plugin-32bit >= 1.6.0_sr15.0-0.14.1
Builds
ZYPP Patch Nr: 8749
SUSE Linux Enterprise Software Development Kit 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8550
SUSE Linux Enterprise Software Development Kit 11 SP3
  • java-1_6_0-ibm-devel >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8550
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-alsa >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8550
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-plugin >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8550
SUSE Linux Enterprise Server 11 SP3
  • java-1_6_0-ibm >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-fonts >= 1.6.0_sr15.0-0.5.1
  • java-1_6_0-ibm-jdbc >= 1.6.0_sr15.0-0.5.1
Builds
SAT Patch Nr: 8550
SUSE CORE 9 for AMD64 and Intel EM64T
SUSE CORE 9 for IBM S/390 31bit
SUSE CORE 9 for IBM zSeries 64bit
SUSE CORE 9 for x86
  • IBMJava5-JRE >= 1.5.0_sr16.4-0.4
  • IBMJava5-SDK >= 1.5.0_sr16.4-0.4
Builds
YOU Patch Nr: 12981
SUSE Linux Enterprise Software Development Kit 11 SP3
  • java-1_7_0-ibm-devel >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8566
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8566
SUSE Linux Enterprise Server 11 SP3
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8566
SUSE Linux Enterprise Software Development Kit 11 SP2
  • java-1_7_0-ibm-devel >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8565
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-alsa >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-plugin >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8565
SUSE Linux Enterprise Server 11 SP2
  • java-1_7_0-ibm >= 1.7.0_sr6.0-0.7.1
  • java-1_7_0-ibm-jdbc >= 1.7.0_sr6.0-0.7.1
Builds
SAT Patch Nr: 8565