Gentoo update for IcedTea
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 22 |
| CVE-ID | CVE-2016-2183 CVE-2016-5546 CVE-2016-5547 CVE-2016-5548 CVE-2016-5549 CVE-2016-5552 CVE-2017-3231 CVE-2017-3241 CVE-2017-3252 CVE-2017-3253 CVE-2017-3260 CVE-2017-3261 CVE-2017-3272 CVE-2017-3289 CVE-2017-3509 CVE-2017-3511 CVE-2017-3512 CVE-2017-3514 CVE-2017-3526 CVE-2017-3533 CVE-2017-3539 CVE-2017-3544 |
| CWE-ID | CWE-327 CWE-20 CWE-200 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #8 is available. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 22 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU370
Risk: Low
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-2183
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to decrypt transmitted data.
The vulnerability exists due to remote user's ability to control the network and capture long duration 3DES CBC mode encrypted session during which he can see a part of the text. In case of repeated sending the attacker can read the part and reconstruct the whole text.
Successful exploitation of this vulnerability may allow a remote attacker to decode transmitted data. This vulnerability is known as SWEET32.
MitigationUpdate the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Modification of information
EUVDB-ID: #VU7325
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-5546
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to modify information.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component. A remote attacker can modify arbitrary data on the system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Denial of service
EUVDB-ID: #VU7326
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5547
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the Libraries component. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU7327
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5548
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Libraries component. A remote attacker can trick the victim into visiting a specially crafted webpage and read important files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU7328
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5549
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Libraries component. A remote attacker can trick the victim into visiting a specially crafted webpage and read important files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Modification of information
EUVDB-ID: #VU7329
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5552
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to modify information.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the Networking component. A remote attacker can modify arbitrary data on the system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Information disclosure
EUVDB-ID: #VU7330
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3231
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Networking component. A remote attacker can trick the victim into visiting a specially crafted webpage read arbitrary files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Remote code execution
EUVDB-ID: #VU7331
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2017-3241
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the RMI component. A remote attacker can execute arbitrary code with privileges of the current user and compromise vulnerable system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
9) Modification of information
EUVDB-ID: #VU7332
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-3252
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to modify information.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the JAAS component. A remote attacker can trick the victim into visiting a specially crafted webpage and modify arbitrary data on the system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Denial of service
EUVDB-ID: #VU7333
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2017-3253
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.
The weakness exists due to unknown error in Oracle Java SE Java SE Embedded and Jrockit related to the 2D component. A remote attacker can cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Remote code execution
EUVDB-ID: #VU7334
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3260
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE related to the AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Information disclosure
EUVDB-ID: #VU7335
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3261
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Networking component. A remote attacker can trick the victim into visiting a specially crafted webpage and read arbitrary files on the target system.
Successful exploitation of the vulnerability results in information disclosure.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Remote code execution
EUVDB-ID: #VU7336
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3272
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Libraries component. A remote attacker can trick the victim into visiting a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Remote code execution
EUVDB-ID: #VU6712
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3289
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code.
The weakness exists due to unknown error in Oracle Java SE and Java SE Embedded related to the Hotspot component. A remote attacker can trick the victim into opening a specially crafted webpage, execute arbitrary code with privileges of the current user and compromise vulnerable system.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Security restrictions bypass
EUVDB-ID: #VU6668
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3509
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information on the target system.
The weakness exists due to unknown error. A remote attacker can read and modify arbitrary files.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Remote code execution
EUVDB-ID: #VU6669
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3511
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Remote code execution
EUVDB-ID: #VU6713
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3512
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Remote code execution
EUVDB-ID: #VU6714
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3514
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to unknown error related to the Java SE AWT component. A remote attacker can trick the victim into visiting a specially crafted webpage and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Denial of service
EUVDB-ID: #VU6694
Risk: High
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-3526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to unknown error. A remote attacker can trick the victim into visiting a specially crafted webpage and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Security restrictions bypass
EUVDB-ID: #VU6670
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3533
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify information on the target system.
The weakness exists due to unknown error related to the Java SE, Java SE Embedded, JRockit Networking component. A remote attacker can access and modify arbitrary data.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Security restrictions bypass
EUVDB-ID: #VU6671
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3539
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify information on the target system.
The weakness exists due to unknown error related to the Java SE, Java SE Embedded Security component. A remote attacker can trick the victim into visiting a specially crafted webpage, access and modify arbitrary data.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Security restrictions bypass
EUVDB-ID: #VU6672
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-3544
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify information on the target system.
The weakness exists due to unknown error related to the Java SE, Java SE Embedded Networking component. A remote attacker can access and modify arbitrary data.
Update the affected packages.
dev-java/icedtea-bin to version: 3.4.0 or 7.2.6.10.
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201707-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
