JNLPAppletLauncher Arbitrary File Creation Vulnerability

Bugtraq ID: 35946
Class: Unknown
CVE: CVE-2009-2676
CVE-2009-3403
Remote: Yes
Local: No
Published: Aug 04 2009 12:00AM
Updated: Jan 29 2013 07:40PM
Credit: John Heasman
Vulnerable: VMWare vMA 4.0
VMWare VirtualCenter 2.0.2
VMWare VirtualCenter 2.5.Update 3 build 1
VMWare VirtualCenter 2.5 Update 5
VMWare VirtualCenter 2.5 Update 2
VMWare VirtualCenter 2.5 Update 1
VMWare VirtualCenter 2.5
VMWare VirtualCenter 2.0.2 Update 5
VMWare VirtualCenter 2.0.2 Update 4
VMWare VirtualCenter 2.0.2 Update 3
VMWare VirtualCenter 2.0.2 Update 2
VMWare VirtualCenter 2.0.2 Update 1
VMWare vCenter 4.0
VMWare Server 2.0
VMWare ESX Server 3.0.3
VMWare ESX Server 4.0
VMWare ESX Server 3.5 ESX350-200910401
VMWare ESX Server 3.5 ESX350-200906407
VMWare ESX Server 3.5 ESX350-200904401
VMWare ESX Server 3.5
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
SuSE SUSE Linux Enterprise Server 11 DEBUGINFO
SuSE SUSE Linux Enterprise Server 11
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Desktop 11
SuSE SUSE Linux Enterprise 11
SuSE openSUSE 10.3
Sun OpenJDK 6 Build b12
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
RedHat Red Hat Network Satellite (for RHEL 4) 5.1
RedHat Network Satellite (for RHEL 5 Server) 5.3
RedHat Network Satellite (for RHEL 4 AS) 5.3
RedHat Enterprise Linux WS Extras 4
RedHat Enterprise Linux Supplementary EUS 5.3.z
RedHat Enterprise Linux Extras 4.8.z
RedHat Enterprise Linux Extras 4
RedHat Enterprise Linux ES Extras 4
RedHat Enterprise Linux AS Extras 4
RedHat Desktop Extras 4
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux Desktop Supplementary 5 client
Oracle JRockit R27.6.4
Oracle JRockit R27.6.3
Oracle JRockit R27.6.2
Oracle JRockit R27.6.0
Oracle JRockit R27.1.0
Nortel Networks Self-Service WVADS 0
Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service CCXML 0
Nortel Networks Self Service VoiceXML 0
Nortel Networks Contact Center - CCT 0
JNLPAppletLauncher JNLPAppletLauncher 0
IBM Java SE 6.0 SR5
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX 11.31
Gentoo Linux
Avaya IR 4.0
Avaya IR 3.0
Not Vulnerable: VMWare vMA 4.0 Patch 2
VMWare VirtualCenter 2.5 Update 6
VMWare vCenter 4.0 Update 1
VMWare ESX Server 3.5 ESX350-201003403


 

Privacy Statement
Copyright 2010, SecurityFocus