QwikSec

Security Database

CVE

CWE

Training

CVE-2008-3440

Published: Aug 1, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

x_refsource_MISC

http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz

x_refsource_MISC

vdb-entry

x_refsource_SECTRACK

20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.