CVE-2010-4351 Information

Description

The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.

Reference

http://blog.fuseyism.com/index.php/2011/01/18/security-icedtea6-177-184-194-released/
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053276.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053288.html
http://osvdb.org/70605
http://secunia.com/advisories/43002
http://secunia.com/advisories/43078
http://secunia.com/advisories/43085
http://secunia.com/advisories/43135
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.debian.org/security/2011/dsa-2224
http://www.mandriva.com/security/advisories?name=MDVSA-2011:054
http://www.redhat.com/support/errata/RHSA-2011-0176.html
http://www.securityfocus.com/bid/45894
http://www.ubuntu.com/usn/USN-1052-1
http://www.ubuntu.com/usn/USN-1055-1
http://www.vupen.com/english/advisories/2011/0165
http://www.vupen.com/english/advisories/2011/0166
http://www.vupen.com/english/advisories/2011/0215
http://www.vupen.com/english/advisories/2011/0239
http://www.zerodayinitiative.com/advisories/ZDI-11-014/
https://bugzilla.redhat.com/show_bug.cgi?id=663680
https://exchange.xforce.ibmcloud.com/vulnerabilities/64893
