|
|
>> Sun Java JDK and JRE Code Execution and Security Bypass Issues
|
Multiple vulnerabilities have been identified in Sun Java, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by an unspecified error in the Java Management Extensions (JMX) management agent, which may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.
The second weakness is caused by an unspecified error in the Java Runtime Environment, which may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host.
The third vulnerability is caused by errors related to the processing of XML data, which could allow unauthorized access to certain URL resources.
The fourth issue is caused by an error in the Java Runtime Environment Virtual Machine, which may allow an untrusted application or applet that is downloaded from a website to elevate its privileges.
The fifth vulnerability is caused by a buffer overflow error within the processing of fonts in the Java Runtime Environment (JRE), which may allow an untrusted applet or application to elevate its privileges.
The sixth issue is caused by errors in the Java Runtime Environment relating to scripting language support, which may allow an untrusted applet or application to elevate its privileges or to access information from another applet.
The seventh vulnerability is caused by buffer overflow errors in Java Web Start, which may allow an untrusted Java Web Start application to elevate its privileges.
The eighth issue is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application.
The ninth vulnerability is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application.
The tenth issue is caused by an error in Java Web Start, which may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.
The eleventh vulnerability is caused by an error in the JDK/JRE Secure Static Versioning feature, which could cause applets to run on an older JRE/JDK release installed on the system.
Affected Products
Sun JDK and JRE 6 Update 6 and prior
Sun JDK and JRE 5.0 Update 15 and prior
Sun SDK and JRE 1.4.2_17 and prior
Sun SDK and JRE 1.3.1_22 and prior
Solution
Upgrade to JDK and JRE 6 Update 7 :
http://java.sun.com/javase/downloads/index.jsp
Upgrade to JDK and JRE 5.0 Update 16 :
http://java.sun.com/javase/downloads/index_jdk5.jsp
Upgrade to SDK and JRE 1.4.2_18 :
http://java.sun.com/j2se/1.4.2/download.html
Upgrade to SDK and JRE 1.3.1_23 :
http://java.sun.com/j2se/1.3/download.html
References
http://www.vupen.com/english/advisories/2008/2056 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
Credits
Vulnerabilities reported by Gregory Fleischer, Fujitsu, John Heasman (NGSSoftware), Peter Csepely and Zero Day Initiative.
ChangeLog
2008-07-10 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|