VUPEN Security - Sun Java JDK and JRE Code Execution and Security Bypass Issues / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Sun Java JDK and JRE Code Execution and Security Bypass Issues

Title : Sun Java JDK and JRE Code Execution and Security Bypass Issues
VUPEN ID : VUPEN/ADV-2008-2056
CVE ID : CVE-2008-3103 - CVE-2008-3104 - CVE-2008-3105 - CVE-2008-3106 - CVE-2008-3107 - CVE-2008-3108 - CVE-2008-3109 - CVE-2008-3110 - CVE-2008-3111 - CVE-2008-3112 - CVE-2008-3113 - CVE-2008-3114 - CVE-2008-3115
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-07-10

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in Sun Java, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.

The first issue is caused by an unspecified error in the Java Management Extensions (JMX) management agent, which may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.

The second weakness is caused by an unspecified error in the Java Runtime Environment, which may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host.

The third vulnerability is caused by errors related to the processing of XML data, which could allow unauthorized access to certain URL resources.

The fourth issue is caused by an error in the Java Runtime Environment Virtual Machine, which may allow an untrusted application or applet that is downloaded from a website to elevate its privileges.

The fifth vulnerability is caused by a buffer overflow error within the processing of fonts in the Java Runtime Environment (JRE), which may allow an untrusted applet or application to elevate its privileges.

The sixth issue is caused by errors in the Java Runtime Environment relating to scripting language support, which may allow an untrusted applet or application to elevate its privileges or to access information from another applet.

The seventh vulnerability is caused by buffer overflow errors in Java Web Start, which may allow an untrusted Java Web Start application to elevate its privileges.

The eighth issue is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application.

The ninth vulnerability is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application.

The tenth issue is caused by an error in Java Web Start, which may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.

The eleventh vulnerability is caused by an error in the JDK/JRE Secure Static Versioning feature, which could cause applets to run on an older JRE/JDK release installed on the system.

Affected Products

Sun JDK and JRE 6 Update 6 and prior
Sun JDK and JRE 5.0 Update 15 and prior
Sun SDK and JRE 1.4.2_17 and prior
Sun SDK and JRE 1.3.1_22 and prior

Solution

Upgrade to JDK and JRE 6 Update 7 :
http://java.sun.com/javase/downloads/index.jsp

Upgrade to JDK and JRE 5.0 Update 16 :
http://java.sun.com/javase/downloads/index_jdk5.jsp

Upgrade to SDK and JRE 1.4.2_18 :
http://java.sun.com/j2se/1.4.2/download.html

Upgrade to SDK and JRE 1.3.1_23 :
http://java.sun.com/j2se/1.3/download.html

References

http://www.vupen.com/english/advisories/2008/2056
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1

Credits

Vulnerabilities reported by Gregory Fleischer, Fujitsu, John Heasman (NGSSoftware), Peter Csepely and Zero Day Initiative.

ChangeLog

2008-07-10 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-12

Apple Safari Code Execution and Information Disclosure Vulnerabilities

>> 2010-03-12

IBM ENOVIA SmarTeam "errMsg" Cross Site Scripting Vulnerability

>> 2010-03-12

Debian Security Update Fixes Egroupware Multiple Vulnerabilities

>> 2010-03-12

Debian Security Update Fixes Kernel Security Bypass and DoS Issues

>> 2010-03-12

Fedora Security Update Fixes NSS TLS Plaintext Injection Vulnerability

More Informations