Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2006-6731

Back to Search

SUSE Linux Security Vulnerability: CVE-2006-6731

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
12/26/2006
Created
07/25/2018
Added
02/17/2015
Modified
07/04/2017

Description

Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.

Solution(s)

  • suse-upgrade-java2
  • suse-upgrade-java2-jre

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;