SUSE Linux update for java-1_6_0-ibm
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2016-9841 CVE-2017-10281 CVE-2017-10285 CVE-2017-10293 CVE-2017-10295 CVE-2017-10345 CVE-2017-10346 CVE-2017-10347 CVE-2017-10348 CVE-2017-10349 CVE-2017-10350 CVE-2017-10355 CVE-2017-10356 CVE-2017-10357 CVE-2017-10388 |
| CWE-ID | CWE-125 CWE-264 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #12 is available. |
| Vulnerable software Subscribe |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU6664
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9841
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can send a specially crafted document, trick the victim into opening it, and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU8863
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10281
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU8865
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10285
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the RMI component. A remote attacker can escalate his privileges on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper access control
EUVDB-ID: #VU8866
Risk: Medium
CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10293
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access potentially sensitive information.
The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially read and modify arbitrary files on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU8867
Risk: Low
CVSSv3.1: 4.4 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10295
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to access potentially sensitive information.
The weakness exists due to a flaw in the Javadoc component. A remote attacker can partially modify arbitrary files on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper access control
EUVDB-ID: #VU8871
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10345
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Privilege escalation
EUVDB-ID: #VU8872
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10346
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the Hotspot component. A remote attacker can escalate his privileges on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Denial of service
EUVDB-ID: #VU8864
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10347
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper access control
EUVDB-ID: #VU8873
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10348
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Libraries component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper access control
EUVDB-ID: #VU8874
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10349
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the JAXP component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper access control
EUVDB-ID: #VU8875
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10350
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the JAX-WS component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper access control
EUVDB-ID: #VU8876
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-10355
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Networking component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
13) Improper access control
EUVDB-ID: #VU9120
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10356
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The weakness exists due to a flaw in the Security component. A remote
attacker can gain unauthorized access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper access control
EUVDB-ID: #VU8878
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10357
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition.
The weakness exists due to a flaw in the Serialization component. A remote attacker can trigger partial denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Privilege escalation
EUVDB-ID: #VU8881
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-10388
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain elevated privileges.
The weakness exists due to a flaw in the Libraries component. A remote attacker can escalate his privileges on the target system.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 11
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00080.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
