Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Oracle Java SE Multiple Vulnerabilities

-

Description


Multiple vulnerabilities have been reported in Oracle Java SE, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) A design error in the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols can be exploited to disclose potentially sensitive information via e.g. a Man-in-the-Middle (MitM) attack.

2) An error in the Deployment component may allow execution of arbitrary code in a client deployment via e.g untrusted applets.

This vulnerability affects Windows based platforms only.

3) A type checking error in the Deserialization component when handling IIOP deserialization may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

4) An input sanitisation error in the Scripting component when handling Rhino Javascript errors may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

5) A signedness error in jsound.dll when a function receives notifications of control-change events encountered in MIDI streams can be exploited to corrupt heap memory.

6) An error in the Deployment component can be exploited to disclose and manipulate certain data in a client deployment via e.g. untrusted applets.

7) An error in the Networking component can be exploited to disclose certain data in a client deployment via e.g. untrusted applets.

8) An error in the AWT component may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

9) An error in the Swing component may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

10) An error in the AWT component may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

11) An error in the 2D component may allow execution of arbitrary code in a client and server deployment via e.g untrusted applets or data sent to APIs through a web service.

12) The java.net.Socket API does not properly limit the number of concurrent UDP sockets, which can be exploited to conduct DNS cache poisoning attacks by exhausting available sockets by e.g. tricking a user into visiting a website containing malicious applets.

This may be related to vulnerability #19 in:
SA43262

13) An error in the JAXWS component can be exploited to disclose certain data in a server deployment via e.g. data sent to APIs through a web service.

14) An error in the Java Runtime Environment component may allow execution of arbitrary code in a client deployment via e.g. untrusted applets.

15) An error in the Java Runtime Environment component can be exploited to manipulate certain data and cause a DoS in a client deployment via e.g. untrusted applets.

16) An error in the RMI component can be exploited to disclose and manipulate certain data and to cause a DoS in a RMI server deployment.

17) An error in the RMI component can be exploited to disclose and manipulate certain data and to cause a DoS in a RMI server deployment.

18) An error in the HotSpot component can be exploited to disclose certain data in a client deployment via e.g. untrusted applets.

19) An error in the JSSE component can be exploited to disclose and manipulate certain data in a client deployment via e.g. untrusted applets.

20) An error in the Deployment component can be exploited to disclose certain data in a client deployment via e.g. untrusted applets.


Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
3) Sami Koivu via ZDI.
4) Michael Schierl via ZDI.
5) axtaxt via ZDI.
12) Roee Hay and Yair Amit, IBM Rational Application Security Research Group.

It is currently unclear who reported the remaining vulnerabilities as the Oracle Java SE Critical Patch Update for October 2011 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

IBM:
http://blog.watchfire.com/files/dnsp_port_exhaustion.pdf
http://roeehay.blogspot.com/2011/10/dns-poisoning-via-port-exhaustion.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-305/
http://www.zerodayinitiative.com/advisories/ZDI-11-306/
http://www.zerodayinitiative.com/advisories/ZDI-11-307/

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Oracle Java SE Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability