Description
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE
(subcomponent: Libraries). Supported versions that are affected are Java
SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to
exploit vulnerability allows unauthenticated attacker with network access
via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks
require human interaction from a person other than the attacker. Successful
attacks of this vulnerability can result in takeover of Java SE, Java SE
Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score
7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Ubuntu-Description
Jeffrey Altman discovered that the Kerberos client implementation in
OpenJDK incorrectly trusted unauthenticated portions of Kerberos
tickets. A remote attacker could use this to impersonate trusted
network services or perform other attacks.
Notes
sbeattie> another instance of the Orpheus-Lyre vulnerability
Package
| Upstream: | released
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was needed)
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
| Ubuntu 19.10 (Eoan): | DNE
|
Package
| Upstream: | released
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was released [7u151-2.6.11-2ubuntu0.14.04.1])
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
| Ubuntu 19.10 (Eoan): | DNE
|
Package
| Upstream: | released
(9.0.1)
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
| Ubuntu 16.04 LTS (Xenial Xerus): | needed
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
| Ubuntu 19.10 (Eoan): | DNE
|
Updated: 2019-09-19 14:35:05 UTC (commit d32ebc32606b9517c6fa7d65a15441e2a57a6de5)