OpenJDK 'IcedTea' Plugin JAR Signature Verification Security Bypass Vulnerability

Bugtraq ID:	46110
Class:	Access Validation Error
CVE:	CVE-2011-0025
Remote:	Yes
Local:	No
Published:	Feb 02 2011 12:00AM
Updated:	Apr 20 2011 07:54PM
Credit:	Reported by vendor.
Vulnerable:	Ubuntu Ubuntu Linux 9.10 sparc Ubuntu Ubuntu Linux 9.10 powerpc Ubuntu Ubuntu Linux 9.10 lpia Ubuntu Ubuntu Linux 9.10 i386 Ubuntu Ubuntu Linux 9.10 ARM Ubuntu Ubuntu Linux 9.10 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 SuSE openSUSE 11.3 S.u.S.E. openSUSE 11.2 OpenJDK OpenJDK 6 MandrakeSoft Linux Mandrake 2010.1 x86_64 MandrakeSoft Linux Mandrake 2010.1 MandrakeSoft Linux Mandrake 2010.0 x86_64 MandrakeSoft Linux Mandrake 2010.0 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 IcedTea IcedTea 1.9.4 IcedTea IcedTea 1.8.4 IcedTea IcedTea 1.7.7 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0

Not Vulnerable:	IcedTea IcedTea 1.9.5 IcedTea IcedTea 1.8.5 IcedTea IcedTea 1.7.8