Information Security

Multiple security vulnerabilities in Sun Java JRE / JDK / Web Start
updated since December 4, 2008
Published: April 23, 2009
Source:
SecurityVulns ID: 9483
Type: library
Severity level: 9/10
Description: JNLP can overwrite the java.home, java.ext.dirs and user.home system properties. Heap buffer overflow and integer overflows in TrueType font parsing, memory corruption in GIF parsing, integer overflow in Pack200 unpacking. Multiple ways to escape the restricted environment.
Affected products: SUN : JRE 1.6
 ORACLE : OpenJDK 6
CVE: CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors.)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.)
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry.)
 CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applets and applications to gain privileges via unknown vectors related to "deserializing calendar objects.")
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings.)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors.)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows remote attackers to cause a denial of service (CPU consumption) via a crafted RSA public key.)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors.)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages.)
 CVE-2008-2086
Original text: Thierry Zoller, [TZO-12-2009] SUN / Oracle JVM Remote code execution (23.04.2009)
 UBUNTU, [USN-713-1] openjdk-6 vulnerabilities (31.01.2009)
 CERT, US-CERT Technical Cyber Security Alert TA08-340A -- Sun Java Updates for Multiple Vulnerabilities (10.12.2008)
 ZDI, ZDI-08-081: Sun Java Web Start and Applet Multiple Sandbox Bypass Vulnerabilities (09.12.2008)
 ZDI, ZDI-08-080: Sun Java AWT Library Sandbox Violation Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Integer Overflow Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE Pack200 Decompression Integer Overflow Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability (09.12.2008)
 IDEFENSE, iDefense Security Advisory 12.04.08: Sun Java JRE TrueType Font Parsing Heap Overflow Vulnerability (09.12.2008)
 VSR Advisories, [Full-disclosure] CVE-2008-2086: Java Web Start File Inclusion via System Properties Override (04.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod