LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Pardus: Sun-Java: Multiple Vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a user's system.

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-46            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-04-01
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Some vulnerabilities have been reported  in  Sun  Java,  which  can  be
exploited by malicious people to bypass certain security  restrictions,
cause a DoS (Denial of Service), or  potentially  compromise  a  user's
system.


Description
===========

1) An error while initialising LDAP connections  can  be  exploited  to
render the LDAP service unresponsive.



2) An error in the JRE LDAP client implementation can be  exploited  to
load and execute arbitrary code via specially crafted data received from
a malicious LDAP server.



3) An integer overflow error in JRE when unpacking applets and in  Java
Web Start applications using the "unpack200" JAR unpacking utility  can
be exploited to potentially execute arbitrary code.



4) An error in JRE  when  unpacking  applets  and  in  Java  Web  Start
applications  using the  "unpack200"  JAR  unpacking  utility  can  be
exploited to cause a buffer overflow and potentially execute  arbitrary
code.



5) Two errors when storing and processing temporary font files  can  be
exploited by an untrusted applet or a Java  Web  Start  application  to
consume an overly large amount of disk space.



6) An error in the Java  Plug-in  when  deserializing  applets  can  be
exploited to e.g. read, write, or execute local files.



7) The Java Plug-in allows JavaScript code loaded from the local system
to  connect to  arbitrary  local  ports.  This  can  be  exploited  in
combination  with cross-site  scripting  attacks  to  access  normally
restricted local ports.



8) The Java Plug-in allows applets to run in earlier versions of JRE if
approved by the user. This can be exploited to trick a user into loading
a malicious applet into an old and potentially vulnerable JRE version.



9) An error in the Java Plug-in when processing  crossdomain.xml  files
can be exploited by an untrusted applet to connect to arbitrary domains
providing a crossdomain.xml file.



10) An error in the Java Plug-in can be exploited by a signed applet to
alter the contents of the security dialog and trick a user into trusting
the applet.



11) An error in the JRE virtual machine when  generating  code  can  be
exploited to e.g. read, write, or execute local files.



NOTE: This vulnerability only affects JDK  and  JRE  6  Update  12  and
earlier for the Solaris SPARC platform.



12) An integer overflow error in JRE when processing PNG splash  screen
images can be exploited by an untrusted Java Web Start  application  to
cause a buffer overflow and potentially execute arbitrary code.



13) An error in JRE when processing GIF splash  screen  images  can  be
exploited by an untrusted Java Web Start application to cause a  buffer
overflow and potentially execute arbitrary code.



14) An error in JRE when processing GIF images can be exploited  by  an
untrusted applet or an untrusted Java Web Start application to cause  a
buffer overflow and potentially execute arbitrary code.



15) A signedness error in  JRE  when  processing  Type1  fonts  can  be
exploited to cause corrupt heap memory and potentially execute arbitrary
code.



16) An unspecified error in the JRE HTTP server implementation  can  be
exploited to render a JAX-WS service endpoint unresponsive.



Affected packages:

  Pardus 2008:
    sun-jdk, all before 1.6.0_p13-18-5
    sun-jdk-demo, all before 1.6.0_p13-18-2
    sun-jdk-doc, all before 1.6.0_p13-18-2
    sun-jdk-samples, all before 1.6.0_p13-18-2
    sun-jre, all before 1.6.0_p13-18-5



Resolution
==========

There   are update(s)   for   sun-jdk,   sun-jdk-demo,   sun-jdk-doc,
sun-jdk-samples, sun-jre. You can update them via  Package  Manager  or
with a single command from console:

    pisi up sun-jdk sun-jdk-demo sun-jdk-doc sun-jdk-samples sun-jre

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=9467
  * http://sunsolve.sun.com/search/document.do?assetkey=1-66-254570-1
  * http://secunia.com/advisories/34451/
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Attackers Can ‘Steal’ Bandwidth From BitTorrent Seeders, Research Finds
Linux Kernel Development Gets Two-Factor Authentication
Hacking cars and traffic lights at Def Con
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.