SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
SecurityTracker Alert ID:  1034214
SecurityTracker URL:  http://securitytracker.com/id/1034214
CVE Reference:   CVE-2015-5006   (Links to External Site)
Date:  Nov 23 2015
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.0, 6.0, 6.1, 7.0, 7.1, 8.0
Description:   A vulnerability was reported in IBM Java. A physically local user can obtain sensitive information from the Kerberos Credential Cache.

No details were provided.

Impact:   A physically local user can obtain sensitive information from the Kerberos Credential Cache.
Solution:   The vendor has issued a fix (APAR IV78316; 6.0.16.15, 6.1.8.15, 7.0.9.20, 7.1.3.20, 8.0.2.0).

The vendor's advisory is available at:

http://www-01.ibm.com/support/docview.wss?uid=swg21969225

Vendor URL:  www-01.ibm.com/support/docview.wss?uid=swg21969225 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (AIX), Windows (Any), z/OS

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 23 2015 (Red Hat Issues Fix) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
Red Hat has issued a fix for java-1.6.0-ibm, java-1.7.0-ibm, java-1.71-ibm, and java-1.8.0-ibm for Red Hat Enterprise Linux 5, 6, and 7.
Dec 11 2015 (IBM Issues Fix for IBM AIX) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM AIX 5.3, 6.1, 7.1, and 7.2.
Jan 7 2016 (IBM Issues Fix for IBM Cognos Command Center) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM Cognos Command Center.
Feb 24 2016 (IBM Issues Fix for IBM SPSS Analytic Server) IBM Java Flaw Lets Local Users Obtain Sensitive Kerberos Credentials Information on the Target System
IBM has issued a fix for IBM SPSS Analytic Server.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2016, SecurityGlobal.net LLC