CVE-2010-4351

NameCVE-2010-4351
DescriptionThe JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2224-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openjdk-6 (PTS)wheezy, wheezy (security)6b38-1.13.10-1~deb7u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openjdk-6source(unstable)6b18-1.8.4-1medium
openjdk-6sourcelenny6b18-1.8.7-2~lenny1mediumDSA-2224-1
openjdk-6sourcesqueeze6b18-1.8.7-2~squeeze1mediumDSA-2224-1

Notes

[squeeze] - openjdk-6 <no-dsa> (bug #614151)
[lenny] - openjdk-6 <no-dsa> (bug #614151)

Search for package or bug name: Reporting problems