Sign-up

ID

VAR-200812-0096


CVE

CVE-2008-5662


TITLE

Sun Java Wireless Toolkit (WTK) Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2008-002397

DESCRIPTION

Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. Sun Java Wireless Toolkit for CDLC is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the toolkit. Failed attacks will likely cause denial-of-service conditions. Sun Java Wireless Toolkit 2.5.2 and prior versions are vulnerable. ---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA33159 VERIFY ADVISORY: http://secunia.com/advisories/33159/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Sun Java Wireless Toolkit for CLDC 2.x http://secunia.com/advisories/product/20784/ DESCRIPTION: Some vulnerabilities have been reported in Sun Java Wireless Toolkit for CLDC, which can be exploited by malicious people to bypass certain security restrictions. http://java.sun.com/products/sjwtoolkit/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-5662 // JVNDB: JVNDB-2008-002397 // BID: 32862 // VULHUB: VHN-35787 // PACKETSTORM: 73077

AFFECTED PRODUCTS

vendor:sunmodel:java wireless toolkit for cldcscope:eqversion:2.5

Trust: 1.6

vendor:sunmodel:java wireless toolkit for cldcscope:eqversion:1.0

Trust: 1.6

vendor:sunmodel:java wireless toolkit for cldcscope:eqversion:2.5.1

Trust: 1.6

vendor:sunmodel:java wireless toolkit for cldcscope:eqversion:2.2

Trust: 1.6

vendor:sunmodel:java wireless toolkit for cldcscope:lteversion:2.5.2

Trust: 1.0

vendor:sun microsystemsmodel:java wireless toolkitscope:lteversion:2.5.2

Trust: 0.8

vendor:sunmodel:java wireless toolkit for cldcscope:eqversion:2.5.2

Trust: 0.6

vendor:sunmodel:java wireless toolkitscope:eqversion:2.5.2

Trust: 0.3

vendor:sunmodel:java wireless toolkit 2.5.2 01scope:neversion: -

Trust: 0.3

sources: BID: 32862 // JVNDB: JVNDB-2008-002397 // CNNVD: CNNVD-200812-354 // NVD: CVE-2008-5662

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-5662
value: HIGH

Trust: 1.0

NVD: CVE-2008-5662
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200812-354
value: CRITICAL

Trust: 0.6

VULHUB: VHN-35787
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-5662
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-35787
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-35787 // JVNDB: JVNDB-2008-002397 // CNNVD: CNNVD-200812-354 // NVD: CVE-2008-5662

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-35787 // JVNDB: JVNDB-2008-002397 // NVD: CVE-2008-5662

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200812-354

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200812-354

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-002397

PATCH
title:247566url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-247566-1
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-002397

EXTERNAL IDS
db:NVDid:CVE-2008-5662
Trust: 2.5
db:BIDid:32862
Trust: 2.0
db:SECUNIAid:33159
Trust: 1.8
db:SECTRACKid:1021414
Trust: 1.7
db:VUPENid:ADV-2008-3439
Trust: 1.7
db:JVNDBid:JVNDB-2008-002397
Trust: 0.8
db:CNNVDid:CNNVD-200812-354
Trust: 0.7
db:XFid:47376
Trust: 0.6
db:SUNALERTid:247566
Trust: 0.6
db:VULHUBid:VHN-35787
Trust: 0.1
db:PACKETSTORMid:73077
Trust: 0.1
sources:
            
            
            VULHUB: VHN-35787 // 
            
            
            
            BID: 32862 // 
            
            
            
            JVNDB: JVNDB-2008-002397 // 
            
            
            
            PACKETSTORM: 73077 // 
            
            
            
            CNNVD: CNNVD-200812-354 // 
            
            
            
            NVD: CVE-2008-5662

REFERENCES
url:http://www.securityfocus.com/bid/32862
Trust: 1.7
url:http://www.securitytracker.com/id?1021414
Trust: 1.7
url:http://secunia.com/advisories/33159
Trust: 1.7
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-247566-1
Trust: 1.7
url:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019851.1-1
Trust: 1.1
url:http://www.vupen.com/english/advisories/2008/3439
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/47376
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5662
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5662
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/47376
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/3439
Trust: 0.6
url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-247566-1
Trust: 0.4
url:http://java.sun.com/products/sjwtoolkit/
Trust: 0.4
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/product/20784/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/33159/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-35787 // 
            
            
            
            BID: 32862 // 
            
            
            
            JVNDB: JVNDB-2008-002397 // 
            
            
            
            PACKETSTORM: 73077 // 
            
            
            
            CNNVD: CNNVD-200812-354 // 
            
            
            
            NVD: CVE-2008-5662

CREDITS
Sun
Trust: 0.9
sources:
            
            
            BID: 32862 // 
            
            
            
            CNNVD: CNNVD-200812-354

SOURCES
db:VULHUBid:VHN-35787
db:BIDid:32862
db:JVNDBid:JVNDB-2008-002397
db:PACKETSTORMid:73077
db:CNNVDid:CNNVD-200812-354
db:NVDid:CVE-2008-5662

LAST UPDATE DATE
2025-04-10T23:03:21.072000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-35787date:2017-08-08T00:00:00
db:BIDid:32862date:2008-12-16T20:22:00
db:JVNDBid:JVNDB-2008-002397date:2009-07-08T00:00:00
db:CNNVDid:CNNVD-200812-354date:2009-01-06T00:00:00
db:NVDid:CVE-2008-5662date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-35787date:2008-12-17T00:00:00
db:BIDid:32862date:2008-12-15T00:00:00
db:JVNDBid:JVNDB-2008-002397date:2009-07-08T00:00:00
db:PACKETSTORMid:73077date:2008-12-16T06:45:34
db:CNNVDid:CNNVD-200812-354date:2008-12-17T00:00:00
db:NVDid:CVE-2008-5662date:2008-12-17T20:30:01.093