Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Sun Java JDK / JRE Multiple Vulnerabilities

-

Description


Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.

1) An error while initialising LDAP connections can be exploited to render the LDAP service unresponsive.

2) An error in the JRE LDAP client implementation can be exploited to load and execute arbitrary code via specially crafted data received from a malicious LDAP server.

3) An integer overflow error in JRE when unpacking applets and in Java Web Start applications using the "unpack200" JAR unpacking utility can be exploited to potentially execute arbitrary code.

This is related to vulnerability #15 in:
SA32991

4) An error in JRE when unpacking applets and in Java Web Start applications using the "unpack200" JAR unpacking utility can be exploited to cause a buffer overflow and potentially execute arbitrary code.

5) Two errors when storing and processing temporary font files can be exploited by an untrusted applet or a Java Web Start application to consume an overly large amount of disk space.

This is related to:
SA20132

6) An error in the Java Plug-in when deserializing applets can be exploited to e.g. read, write, or execute local files.

7) The Java Plug-in allows JavaScript code loaded from the local system to connect to arbitrary local ports. This can be exploited in combination with cross-site scripting attacks to access normally restricted local ports.

8) The Java Plug-in allows applets to run in earlier versions of JRE if approved by the user. This can be exploited to trick a user into loading a malicious applet into an old and potentially vulnerable JRE version.

9) An error in the Java Plug-in when processing crossdomain.xml files can be exploited by an untrusted applet to connect to arbitrary domains providing a crossdomain.xml file.

10) An error in the Java Plug-in can be exploited by a signed applet to alter the contents of the security dialog and trick a user into trusting the applet.

11) An error in the JRE virtual machine when generating code can be exploited to e.g. read, write, or execute local files.

NOTE: This vulnerability only affects JDK and JRE 6 Update 12 and earlier for the Solaris SPARC platform.

12) An integer overflow error in JRE when processing PNG splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

13) An error in JRE when processing GIF splash screen images can be exploited by an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

14) An error in JRE when processing GIF images can be exploited by an untrusted applet or an untrusted Java Web Start application to cause a buffer overflow and potentially execute arbitrary code.

15) A signedness error in JRE when processing Type1 fonts can be exploited to cause corrupt heap memory and potentially execute arbitrary code.

16) An unspecified error in the JRE HTTP server implementation can be exploited to render a JAX-WS service endpoint unresponsive.

Please see the vendor advisories for details on affected products and versions.


Solution:
Update to a fixed version.

Further details available to Secunia VIM customers

Provided and/or discovered by:
1, 2, 6, 7, 8, 11, 16) Reported by the vendor.
3, 12, 13, 14) regenrecht, reported via iDefense
4) Chris Evans
5) The vendor credits Marc Schoenefeld.
9) The vendor credits Gregory Fleischer.
10) The vendor credits Michael Scheirl.
15) Sean Larsson, iDefense

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254569-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254608-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254610-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-254609-1

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=781
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=780
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=779
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=778
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777

Chris Evans:
http://scary.beasts.org/security/CESA-2009-005.html

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Sun Java JDK / JRE Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability