|
|
|
>> Sun Java Multiple Code Execution and Security Bypass Vulnerabilities
|
Multiple vulnerabilities have been identified in Sun Java, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system.
The first issue is caused by errors when decoding DER encoded data and parsing HTTP headers, which may allow a remote client to cause the JRE on the server to run out of memory, creating a denial of service condition.
The second vulnerability is caused by an error when verifying HMAC digests, which may allow authentication to be bypassed via a forged digital signature.
The third issue is caused by an error in the Java Web Start Installer, which may be leveraged to allow an untrusted Java Web Start application to run as a trusted application and execute arbitrary code.
The fourth vulnerability is caused by an error in the Java Runtime Environment Deployment Toolkit, which could be exploited by malicious web sites to execute arbitrary commands.
The fifth weakness is caused due to the Java Runtime Environment Java Update mechanism, when running on non-English versions of the Windows operating system, not updating the JRE when a new version is available.
Various buffer and integer overflow errors exist within the processing of malformed audio and image files, which may allow an untrusted applet or Java Web Start application to escalate privileges and execute arbitrary code or read/write local files.
Affected Products
Sun Java JDK and JRE version 6 Update 16 and prior
Sun Java JDK and JRE version 5.0 Update 21 and prior
Sun Java SDK and JRE version 1.4.2_23 and prior
Sun Java SDK and JRE version 1.3.1_26 and prior
Solution
Upgrade to Sun JDK and JRE 6 Update 17 or later :
http://java.sun.com/javase/downloads/index.jsp
Upgrade to Sun JDK and JRE 5.0 Update 22 or later :
http://java.sun.com/javase/downloads/index_jdk5.jsp
Upgrade to Sun SDK and JRE 1.4.2_24 or later :
http://java.sun.com/j2se/1.4.2/download.html
Upgrade to Sun SDK and JRE 1.3.1_27 or later :
http://java.sun.com/j2se/1.3/download.html
Java SE for Business :
http://www.sun.com/software/javaseforbusiness/getit_download.jsp
References
http://www.vupen.com/english/advisories/2009/3131
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270476-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270475-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269870-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269869-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269868-1
Credits
Vulnerabilities reported by BFK edv-consulting GmbH, Coda Hale, Peter Vreugdenhil, Zero Day Initiative and TippingPoint, regenrecht, iDefense, Peter Csepely, and Tomasz (Tometzky) Ostrowski.
ChangeLog
2009-11-04 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
 |
