CVE-2014-3065: Code Injection

First published: Tue Nov 11 2014(Updated: )

IBM JDK updates 5.0 SR16-FP8, 6 SR16-FP2, 6R1 SR8-FP2, 7 SR8, and 7R1 SR2 fix a security issue described in the IBM security bulletin as: IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users. This issue may possibly allow local users to run arbitrary code with the privileges of other users that use IBM JDK. References: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21688283">http://www-01.ibm.com/support/docview.wss?uid=swg21688283</a> <a href="http://xforce.iss.net/xforce/xfdb/93629">http://xforce.iss.net/xforce/xfdb/93629</a> <a href="http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014">http://www.ibm.com/developerworks/java/jdk/alerts/#IBM_Security_Update_November_2014</a> Additional references that describe the shared class cache feature: <a href="http://www.ibm.com/developerworks/library/j-ibmjava4/">http://www.ibm.com/developerworks/library/j-ibmjava4/</a> <a href="http://www.ibm.com/developerworks/library/j-sharedclasses/">http://www.ibm.com/developerworks/library/j-sharedclasses/</a> <a href="http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/understanding/shared_classes.html">http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/understanding/shared_classes.html</a> <a href="http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/appendixes/cmdline/Xshareclasses.html">http://www-01.ibm.com/support/knowledgecenter/SSYKE2_7.0.0/com.ibm.java.lnx.71.doc/diag/appendixes/cmdline/Xshareclasses.html</a>

Credit: psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/nvd-index
• agent/author
• agent/severity
• agent/weakness
• agent/references
• agent/tags
• agent/type
• agent/event
• agent/description
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• collector/mitre-cve
• source/MITRE
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2014-3065
• vendor/ibm
• canonical/ibm java
• version/ibm java/5.0.0.0
• version/ibm java/5.0.11.0
• version/ibm java/5.0.11.1
• version/ibm java/5.0.11.2
• version/ibm java/5.0.12.0
• version/ibm java/5.0.12.1
• version/ibm java/5.0.12.2
• version/ibm java/5.0.12.3
• version/ibm java/5.0.12.4
• version/ibm java/5.0.12.5
• version/ibm java/5.0.13.0
• version/ibm java/5.0.14.0
• version/ibm java/5.0.15.0
• version/ibm java/5.0.16.0
• version/ibm java/5.0.16.1
• version/ibm java/5.0.16.2
• version/ibm java/5.0.16.3
• version/ibm java/6.0.0.0
• version/ibm java/6.0.1.0
• version/ibm java/6.0.2.0
• version/ibm java/6.0.3.0
• version/ibm java/6.0.4.0
• version/ibm java/6.0.5.0
• version/ibm java/6.0.6.0
• version/ibm java/6.0.7.0
• version/ibm java/6.0.8.0
• version/ibm java/6.0.8.1
• version/ibm java/6.0.9.0
• version/ibm java/6.0.9.1
• version/ibm java/6.0.9.2
• version/ibm java/6.0.10.0
• version/ibm java/6.0.10.1
• version/ibm java/6.0.11.0
• version/ibm java/6.0.12.0
• version/ibm java/6.0.13.0
• version/ibm java/6.0.13.1
• version/ibm java/6.0.13.2
• version/ibm java/6.0.14.0
• version/ibm java/7.0.0.0
• version/ibm java/7.0.1.0
• version/ibm java/7.0.2.0
• version/ibm java/7.0.3.0
• version/ibm java/7.0.4.0
• version/ibm java/7.0.4.1
• version/ibm java/7.0.4.2
• version/ibm java/7.0.5.0