This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-29 17:22:06 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
16846d1e-f1de-11e1-8bd8-0022156e8794 | Java 1.7 -- security manager bypass. US-CERT reports: This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager. Discovery: 2012-08-27. Entry: 2012-08-30. Modified: 2012-08-31. Affected packages: openjdk ge 7.0 lt 7.6.24_1; linux-sun-jdk ge 7.0 lt 7.7; linux-sun-jre ge 7.0 lt 7.7. References: CVE-2012-4681; CERT VU#636312; http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html; http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-August/020065.html; http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html |
d5e0317e-5e45-11e2-a113-c48508086173 | java 7.x -- security manager bypass. US CERT reports: Esteban Guillardoy from Immunity Inc. additionally clarifies on the recursive reflection exploitation technique: This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager. For users who are running native Web browsers with enabled Java plugin, the workaround is to remove the java/icedtea-web port and restart all browser instances. For users who are running Linux Web browser flavors, the workaround is either to disable the Java plugin in browser or to upgrade linux-sun-* packages to the non-vulnerable version. It is not recommended to run untrusted applets using appletviewer, since this may lead to the execution of the malicious code on vulnerable versions on JDK/JRE. Discovery: 2013-01-10. Entry: 2013-01-14. Affected packages: openjdk7 gt 0; linux-sun-jdk ge 7.0 lt 7.11; linux-sun-jre ge 7.0 lt 7.11. References: CVE-2013-0433; CERT VU#625617; http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html; https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf |