Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702768
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2768-1 (icedtea-web - heap-based buffer overflow)
Summary:A heap-based buffer overflow vulnerability was found in icedtea-web, a;web browser plugin for running applets written in the Java programming;language. If a user were tricked into opening a malicious website, an;attacker could cause the plugin to crash or possibly execute arbitrary;code as the user invoking the program.;;This problem was initially discovered by Arthur Gerkis and got assigned;CVE-2012-4540;. Fixes where applied in the 1.1, 1.2 and 1.3 branches but;not to the 1.4 branch.
Description:Summary:
A heap-based buffer overflow vulnerability was found in icedtea-web, a
web browser plugin for running applets written in the Java programming
language. If a user were tricked into opening a malicious website, an
attacker could cause the plugin to crash or possibly execute arbitrary
code as the user invoking the program.

This problem was initially discovered by Arthur Gerkis and got assigned
CVE-2012-4540
. Fixes where applied in the 1.1, 1.2 and 1.3 branches but
not to the 1.4 branch.

Affected Software/OS:
icedtea-web on Debian Linux

Solution:
For the stable distribution (wheezy), this problem has been fixed in
version 1.4-3~
deb7u2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4-3.1.

We recommend that you upgrade your icedtea-web packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-4349
Common Vulnerability Exposure (CVE) ID: CVE-2012-4540
BugTraq ID: 56434
http://www.securityfocus.com/bid/56434
BugTraq ID: 62426
http://www.securityfocus.com/bid/62426
Debian Security Information: DSA-2768 (Google Search)
http://www.debian.org/security/2013/dsa-2768
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2012:171
https://bugzilla.redhat.com/show_bug.cgi?id=869040
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-November/020775.html
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-September/024750.html
http://www.openwall.com/lists/oss-security/2012/11/07/5
RedHat Security Advisories: RHSA-2012:1434
http://rhn.redhat.com/errata/RHSA-2012-1434.html
http://www.securitytracker.com/id?1027738
http://secunia.com/advisories/51206
http://secunia.com/advisories/51220
http://secunia.com/advisories/51374
SuSE Security Announcement: openSUSE-SU-2012:1524 (Google Search)
http://lists.opensuse.org/opensuse-updates/2012-11/msg00040.html
SuSE Security Announcement: openSUSE-SU-2013:0174 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00065.html
SuSE Security Announcement: openSUSE-SU-2013:1509 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00071.html
SuSE Security Announcement: openSUSE-SU-2013:1511 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-09/msg00073.html
SuSE Security Announcement: openSUSE-SU-2015:1595 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00019.html
http://www.ubuntu.com/usn/USN-1625-1
XForce ISS Database: icedtea-applet-bo(79894)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79894
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.