CVE-2010-4351
First published: Thu Dec 16 2010(Updated: )
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat IcedTea | =1.7 | |
| Red Hat IcedTea | =1.7.1 | |
| Red Hat IcedTea | =1.7.2 | |
| Red Hat IcedTea | =1.7.3 | |
| Red Hat IcedTea | =1.7.4 | |
| Red Hat IcedTea | =1.7.5 | |
| Red Hat IcedTea | =1.7.6 | |
| Red Hat IcedTea | =1.8 | |
| Red Hat IcedTea | =1.8.1 | |
| Red Hat IcedTea | =1.8.2 | |
| Red Hat IcedTea | =1.8.3 | |
| Red Hat IcedTea | =1.9 | |
| Red Hat IcedTea | =1.9.1 | |
| Red Hat IcedTea | =1.9.2 | |
| Red Hat IcedTea | =1.9.3 | |
| sun OpenJDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=663680
- http://www.zerodayinitiative.com/advisories/ZDI-11-014/
- http://www.securityfocus.com/bid/45894
- http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/
- http://www.vupen.com/english/advisories/2011/0166
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html
- http://www.vupen.com/english/advisories/2011/0165
- http://osvdb.org/70605
- http://secunia.com/advisories/43002
- http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html
- http://www.redhat.com/support/errata/RHSA-2011-0176.html
- http://www.vupen.com/english/advisories/2011/0215
- http://secunia.com/advisories/43085
- http://www.ubuntu.com/usn/USN-1052-1
- http://secunia.com/advisories/43078
- http://www.vupen.com/english/advisories/2011/0239
- http://www.ubuntu.com/usn/USN-1055-1
- http://secunia.com/advisories/43135
- http://www.debian.org/security/2011/dsa-2224
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
- http://security.gentoo.org/glsa/glsa-201406-32.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64893
- http://icedtea.classpath.org/hg/release/icedtea6-1.7/rev/6f7d633c355a
- http://icedtea.classpath.org/hg/release/icedtea6-1.8/rev/aa77afad613c
- http://icedtea.classpath.org/hg/release/icedtea6-1.9/rev/7ec6c82e69ee
- https://rhn.redhat.com/errata/RHSA-2011-0176.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=664841
Frequently Asked Questions
What is the severity of CVE-2010-4351?
CVE-2010-4351 is classified as a moderate severity vulnerability that may allow attackers to bypass security checks.
How do I fix CVE-2010-4351?
To mitigate CVE-2010-4351, upgrade to IcedTea version 1.7.7, 1.8.4, 1.9.4 or later.
What software is affected by CVE-2010-4351?
CVE-2010-4351 affects multiple versions of Red Hat IcedTea including 1.7 through 1.9.3.
What types of attacks can CVE-2010-4351 facilitate?
CVE-2010-4351 may allow context-dependent attackers to bypass security restrictions.
Is CVE-2010-4351 a known vulnerability?
Yes, CVE-2010-4351 is a recognized flaw documented in the Common Vulnerabilities and Exposures database.
- collector/nvd-historical
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-4351
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat icedtea
- version/red hat icedtea/1.7
- version/red hat icedtea/1.7.1
- version/red hat icedtea/1.7.2
- version/red hat icedtea/1.7.3
- version/red hat icedtea/1.7.4
- version/red hat icedtea/1.7.5
- version/red hat icedtea/1.7.6
- version/red hat icedtea/1.8
- version/red hat icedtea/1.8.1
- version/red hat icedtea/1.8.2
- version/red hat icedtea/1.8.3
- version/red hat icedtea/1.9
- version/red hat icedtea/1.9.1
- version/red hat icedtea/1.9.2
- version/red hat icedtea/1.9.3
- vendor/sun
- canonical/sun openjdk