Launchpad.net

CVE 2008-3109

Unspecified vulnerability in scripting language support in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

Related bugs and status

CVE-2008-3109 (Candidate) is related to these bugs:

Bug #255011: sru request for sun-java5

		In	Importance	Status
255011	sru request for sun-java5	sun-java5 (Ubuntu)	Undecided	Invalid
255011	sru request for sun-java5	sun-java5 (Ubuntu Dapper)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Hardy)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Intrepid)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

SUNALERT: 238687
BID: 30144
SECUNIA: 31010
REDHAT: RHSA-2008:0594
CERT: TA08-193A
SUSE: SUSE-SA:2008:042
SECUNIA: 31600
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-09-24
SECUNIA: 32018
CONFIRM: http://www.vmware.com/...
SECUNIA: 32180
SECUNIA: 32179
SECUNIA: 32436
SECTRACK: 1020456
REDHAT: RHSA-2008:1045
SECUNIA: 33238
REDHAT: RHSA-2008:0906
CONFIRM: http://support.avaya.c...
CONFIRM: http://support.avaya.c...
GENTOO: GLSA-200911-02
SECUNIA: 37386
VUPEN: ADV-2008-2056
VUPEN: ADV-2008-2740
BUGTRAQ: 20081004 VMSA-2008-001...
XF: sun-jre-scripting-unau...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20081004 VMSA-2008-001...