LinuxSecurity.com
Pardus: Sun-JDK Multiple Vulnerabilities
Posted by Bill Keys   
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-83            security@pardus.org.tr
------------------------------------------------------------------------
     Date: 2008-12-23
 Severity: 5
     Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported  in  Sun  Java,  which  can  be
exploited by malicious people to bypass certain security  restrictions,
disclose sensitive information, cause a DoS  (Denial  of  service),  or
compromise a vulnerable system.


Description
===========

1)  Java Runtime  Environment  (JRE)  creates  temporary  files   with
insufficiently random names. This can be exploited to  write  arbitrary
JAR files and perform restricted actions on the affected system.



2) An error exists in the Java AWT library when processing image models.
This can be exploited to cause  a  heap-based  buffer  overflow  via  a
specially crafted "Raster" image model used in a "ConvolveOp" operation.



3) An error in Java Web Start when processing certain GIF header values
can be exploited to cause a memory corruption via a  specially  crafted
splash logo.



4) An integer overflow error in the processing of TrueType fonts can be
exploited to cause a heap-based buffer overflow.



5) An error in the JRE can be exploited to establish network connections
to arbitrary hosts.



6) An error when launching Java Web Start applications can be exploited
by an untrusted application to e.g. read, write, or execute local files
with the privileges of the user running the application.



7) An error can be exploited by an untrusted Java Web Start application
to obtain the current username and the location of the Java  Web  Start
cache.



8) An error in Java  Web  Start  can  be  exploited  to  modify  system
properties (e.g. java.home, java.ext.dirs, and user.home) via specially
crafted JNLP files.



9) An error in Java Web Start and Java  Plug-in  can  be  exploited  to
hijack HTTP sessions.



10) An error in the JRE  applet  class  loading  functionality  can  be
exploited to read arbitrary files and establish network connections  to
arbitrary hosts.



11) An error in the Java Web Start BasicService can be exploited to open
arbitrary local files in the user's browser.



12) The problem is that the "Java Update" mechanism does not check  the
digital signature of the downloaded update package. This can be exploited to
execute arbitrary code via  e.g.  a  MitM  (Man-in-the-Middle)  or  DNS
spoofing attack.



13) A boundary error exists when processing the  "Main-Class"  manifest
entry of a JAR file. This can be exploited to cause a stack-based buffer
overflow via a specially crafted JAR file.



14) An error when deserializing calendar objects can be exploited by an
untrusted Java applet to e.g. read, write, or execute local files.



15) An integer overflow error in  JRE  can  be  exploited  to  cause  a
heap-based buffer overflow via a specially crafted  Pack200  compressed
JAR file.



16) The UTF-8 decoder accepts encodings longer than the "shortest" form.
This can potentially be  exploited  to  trick  applications  using  the
decoder into accepting invalid sequences and  e.g.  disclose  sensitive
information via specially crafted URIs.



17) An error in the JRE can be exploited to list the  contents  of  the
user's home directory.



18) An error when processing RSA public keys can be exploited to consume
large amounts of CPU.



19) An error in  the  JRE  Kerberos  authentication  mechanism  can  be
exploited to potentially exhaust operating system resources.



20) Multiple errors in the JAX-WS and JAXB JRE packages can be exploited
by an untrusted Java applet to e.g. read, write, or execute local files.



21) An error when processing ZIP files can  be  exploited  to  disclose
arbitrary memory locations from the host process.



22) An error can be exploited by malicious code loaded from  the  local
filesystem to gain network access to the local host.



23) A boundary error  in  the  processing  of  TrueType  fonts  can  be
exploited to cause a heap-based buffer overflow.
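
Item 16 in code form, as an added example that is not part of the Pardus advisory or of Sun's code: a minimal UTF-8 decoder with a lax and a strict mode, showing how input containing no "/" byte decodes to a path separator when non-shortest forms are accepted. The names decode_utf8, has_overlong and OverlongError and the sample bytes are constructed for illustration.

```python
# Added illustration; all names here are hypothetical, not JRE APIs.
# Smallest code point that legitimately needs a 2-, 3- or 4-byte sequence.
MIN_CODE_POINT = {2: 0x80, 3: 0x800, 4: 0x10000}

class OverlongError(ValueError):
    """A code point was encoded with more bytes than its shortest form."""

def decode_utf8(data: bytes, strict: bool = True) -> str:
    """Decode UTF-8; strict=True rejects non-shortest ("overlong") forms."""
    out, i = [], 0
    while i < len(data):
        lead = data[i]
        if lead < 0x80:                      # plain ASCII, one byte
            out.append(chr(lead))
            i += 1
            continue
        if lead & 0xE0 == 0xC0:
            length, cp = 2, lead & 0x1F
        elif lead & 0xF0 == 0xE0:
            length, cp = 3, lead & 0x0F
        elif lead & 0xF8 == 0xF0:
            length, cp = 4, lead & 0x07
        else:
            raise ValueError(f"invalid lead byte 0x{lead:02x} at offset {i}")
        tail = data[i + 1:i + length]
        if len(tail) != length - 1 or any(b & 0xC0 != 0x80 for b in tail):
            raise ValueError(f"bad continuation bytes at offset {i}")
        for b in tail:
            cp = (cp << 6) | (b & 0x3F)
        if strict and cp < MIN_CODE_POINT[length]:
            raise OverlongError(f"overlong U+{cp:04X} at offset {i}")
        if strict and (cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF):
            raise ValueError(f"invalid code point U+{cp:04X} at offset {i}")
        out.append(chr(cp))
        i += length
    return "".join(out)

def has_overlong(data: bytes) -> bool:
    """True if strict decoding stops on an overlong form."""
    try:
        decode_utf8(data, strict=True)
    except OverlongError:
        return True
    except ValueError:
        pass                                 # malformed for another reason
    return False

# Constructed sample: no 0x2F byte, yet a lax decoder yields "/" from C0 AF.
SAMPLE = b"docs\xc0\xafsecret.txt"
```

Any check applied to the raw bytes (path filters, URI allow-lists) has to run after strict decoding, or reject input for which has_overlong() is true.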


Affected packages:

 Pardus 2008:
   sun-jdk, all before 1.6.0_p11-17-4
   sun-jdk-demo, all before 1.6.0_p11-17-1
   sun-jdk-doc, all before 1.6.0_p11-17-1
   sun-jdk-samples, all before 1.6.0_p11-17-1
   sun-jre, all before 1.6.0_p11-17-4


Resolution
==========

There   are update(s)   for   sun-jdk,   sun-jdk-demo,   sun-jdk-doc,
sun-jdk-samples, sun-jre. You can update them via  Package  Manager  or
with a single command from console:

   pisi up sun-jdk sun-jdk-demo sun-jdk-doc sun-jdk-samples sun-jre

References
==========

 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246346-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1
 * http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1
 * http://secunia.com/Advisories/32991/

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr
 