Vulnerability Description
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Jdk | 1.5.0 |
| Sun | Jre | 1.5.0 |
| Sun | Sdk | 1.5.0_6 |
References
- http://secunia.com/advisories/20132Vendor Advisory
- http://secunia.com/advisories/20457
- http://secunia.com/advisories/34489
- http://secunia.com/advisories/34495
- http://secunia.com/advisories/34496
- http://secunia.com/advisories/34632
- http://secunia.com/advisories/34675
- http://securityreason.com/securityalert/909
- http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm
- http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm
- http://www.debian.org/security/2009/dsa-1769
- http://www.illegalaccess.org/exploit/FullDiskApplet.htmlExploit
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:137
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:162
- http://www.novell.com/linux/security/advisories/2006-06-02.html
FAQ
What is CVE-2006-2426?
CVE-2006-2426 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.c...
How severe is CVE-2006-2426?
CVE-2006-2426 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2426?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Jdk, Sun Jre, Sun Sdk.