CVE-2016-0376

First published: Thu Apr 14 2016(Updated: )

Adam Gowdiak (Security Explorations) reported that the fix for IBM JDK issue <a href="https://access.redhat.com/security/cve/CVE-2013-5456">CVE-2013-5456</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2013-5456 IBM JDK: unspecified sandbox bypass (ORB)" href="show_bug.cgi?id=1027748">bug 1027748</a>), also known as "Issue 70", did not correctly address the problem. Applied fix only restricted access to the vulnerable package, rather then addressing the underlying problem of running untrusted code inside doPrivileged block. Report: <a href="http://seclists.org/fulldisclosure/2016/Apr/43">http://seclists.org/fulldisclosure/2016/Apr/43</a> Write-up of the issue: <a href="http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf">http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf</a> Proof-of-concept code: <a href="http://www.security-explorations.com/materials/se-2012-01-70.2.zip">http://www.security-explorations.com/materials/se-2012-01-70.2.zip</a>

Credit: psirt@us.ibm.com psirt@us.ibm.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-cve
• agent/author
• agent/type
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2016-0376
• agent/first-publish-date
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-api
• agent/references
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/description
• agent/event
• collector/mitre-cve
• source/MITRE
• package-manager/redhat
• vendor/novell
• canonical/novell suse linux enterprise software development kit
• version/novell suse linux enterprise software development kit/11.0-sp4
• version/novell suse linux enterprise software development kit/12.0
• version/novell suse linux enterprise software development kit/12.0-sp1
• canonical/novell suse linux enterprise module for legacy software
• version/novell suse linux enterprise module for legacy software/12
• canonical/novell suse linux enterprise server
• version/novell suse linux enterprise server/11.0-sp2
• version/novell suse linux enterprise server/11.0-sp3
• version/novell suse linux enterprise server/11.0-sp4
• version/novell suse linux enterprise server/12.0
• version/novell suse linux enterprise server/12.0-sp1
• canonical/novell suse manager
• version/novell suse manager/2.1
• canonical/novell suse manager proxy
• version/novell suse manager proxy/2.1
• canonical/novell suse openstack cloud
• version/novell suse openstack cloud/5
• vendor/ibm
• canonical/ibm java sdk
• version/ibm java sdk/6.0.0.0
• version/ibm java sdk/6.1.0.0
• version/ibm java sdk/7.0.0.0
• version/ibm java sdk/7.1.0.0
• version/ibm java sdk/8.0.0.0
• vendor/redhat
• canonical/redhat satellite
• version/redhat satellite/5.6
• version/redhat satellite/5.7
• canonical/redhat enterprise linux desktop
• version/redhat enterprise linux desktop/5.0
• version/redhat enterprise linux desktop/6.0
• version/redhat enterprise linux desktop/7.0
• canonical/redhat enterprise linux hpc node supplementary
• version/redhat enterprise linux hpc node supplementary/6.0
• version/redhat enterprise linux hpc node supplementary/7.0
• canonical/redhat enterprise linux server
• version/redhat enterprise linux server/6.0
• version/redhat enterprise linux server/7.0
• canonical/redhat enterprise linux server eus
• version/redhat enterprise linux server eus/6.7
• version/redhat enterprise linux server eus/7.2
• version/redhat enterprise linux server eus/7.3
• version/redhat enterprise linux server eus/7.4
• version/redhat enterprise linux server eus/7.5
• canonical/redhat enterprise linux workstation
• version/redhat enterprise linux workstation/5.0
• version/redhat enterprise linux workstation/6.0
• version/redhat enterprise linux workstation/7.0