Launchpad.net

CVE 2008-3112

Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.

Related bugs and status

CVE-2008-3112 (Candidate) is related to these bugs:

Bug #255011: sru request for sun-java5

		In	Importance	Status
255011	sru request for sun-java5	sun-java5 (Ubuntu)	Undecided	Invalid
255011	sru request for sun-java5	sun-java5 (Ubuntu Dapper)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Hardy)	Undecided	Fix Released
255011	sru request for sun-java5	sun-java5 (Ubuntu Intrepid)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

SUNALERT: 238905
SECUNIA: 31010
BID: 30148
REDHAT: RHSA-2008:0594
REDHAT: RHSA-2008:0595
CERT: TA08-193A
SECUNIA: 31055
REDHAT: RHSA-2008:0790
SUSE: SUSE-SA:2008:042
SUSE: SUSE-SA:2008:043
SECUNIA: 31320
SECUNIA: 31497
SECUNIA: 31600
CONFIRM: http://support.apple.c...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-09-24
SUSE: SUSE-SA:2008:045
SECUNIA: 32018
CONFIRM: http://www.vmware.com/...
SECUNIA: 32180
SECUNIA: 32179
SECUNIA: 32436
SECTRACK: 1020452
REDHAT: RHSA-2008:0955
SECUNIA: 32826
SUSE: SUSE-SR:2008:028
MISC: http://www.zerodayinit...
SECUNIA: 33194
REDHAT: RHSA-2008:0906
SUSE: SUSE-SR:2009:010
SECUNIA: 35065
CONFIRM: http://support.avaya.c...
GENTOO: GLSA-200911-02
SECUNIA: 37386
VUPEN: ADV-2008-2056
VUPEN: ADV-2008-2740
SECUNIA: 31736
BUGTRAQ: 20081004 VMSA-2008-001...
XF: sun-javawebstart-file-...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20081004 VMSA-2008-001...