Info

Disclosure

May 16, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Java JDK/JRE contains a flaw that may allow a remote denial of service. The issue is triggered when applets are permitted to create large temporary files using the Font.createFont method but are never removed, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Sun Microsystems, Inc.	JDK/JRE	1.4.2_11
		1.5.0_06

References

Bugtraq ID: 17981
CVE ID: 2006-2426 (see also: NVD)
Secunia Advisory ID: 20132 20457 34489 34495 34496 34632 34675 37791
SCIP VulDB ID: 2247
ISS X-Force ID: 26493
VUPEN Advisory: ADV-2006-1824
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0279.html
Vendor URL: http://java.sun.com/j2se/1.5/
Vendor Specific News/Changelog Entry: http://lists.debian.org/debian-security-announce/2009/msg00080.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-March/000873.html
Vendor Specific Advisory URL: http://www.novell.com/linux/security/advisories/2006-06-02.html
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-0377.html
https://rhn.redhat.com/errata/RHSA-2009-0392.html
https://rhn.redhat.com/errata/RHSA-2009-0394.html
https://rhn.redhat.com/errata/RHSA-2009-1662.html

Credit

Marc Schoenefeld - marc.schoenefeldgmx.org -

Direct URL: http://osvdb.org/25561

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sun Microsystems, Inc.

JDK/JRE

References

Credit