English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Sun Java JDK / JRE Multiple Vulnerabilities


Secunia ID

SA31010

CVE-ID

CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115

Release Date

09 Jul 2008

Last Change

18 Jul 2008

Criticality

Highly Critical

Solution Status

Vendor Patch

Software

Java Web Start 1.x
Java Web Start 5.x
Java Web Start 6.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.3.x
Sun Java JRE 1.4.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x
Sun Java SDK 1.3.x
Sun Java SDK 1.4.x

Where

From remote

Impact
DoS (Denial of Service)

This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Exposure of system information

Vulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) are exposed and can be revealed from remote and in some cases locally.

Security Bypass

This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.

The actual impact varies significantly depending on the design and purpose of the affected application.

Description

Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

1) An error in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications.

2) An error in the Java Management Extensions (JMX) management agent can be exploited by a JMX client to perform certain unauthorized operations on a system running JMX with local monitoring enabled.

3) Two errors within the scripting language support in the Java Runtime Environment can be exploited by malicious, untrusted applets to access information from another applet, read and write local files, and execute local applications.

4) Boundary errors in Java Web Start (e.g. within the "GetVMArgsOption()" function when parsing specially crafted JNLP files) can be exploited by an untrusted Java Web Start applications to cause buffer overflows.

5) Three errors in Java Web Start (e.g. a directory traversal within the "writeManifest()" function) can be exploited by an untrusted Java Web Start applications to create or delete arbitrary files with the privileges of the user running the untrusted Java Web Start application, or to determine the location of the Java Web Start cache.

6) An error in the implementation of Secure Static Versioning allows applets to run on an older release of JRE.

7) Errors in the Java Runtime Environment can be exploited by an untrusted applet to bypass the same origin policy and establish socket connections to certain services running on the local host.

8) An error in the Java Runtime Environment when processing certain XML data can be exploited to allow unauthorized access to certain URL resources or cause a DoS.

Successful exploitation requires the JAX-WS client or service in a trusted application to process the malicious XML data.

9) An error in the Java Runtime Environment when processing certain XML data can be exploited by an untrusted applet or application to gain unauthorized access to certain URL resources.

10) A boundary error when processing fonts in the Java Runtime Environment can be exploited to cause a buffer overflow.

Please see the vendor advisories for details on affected products and versions.

Solution

Update to the fixed version.

JDK and JRE 6 Update 7:
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 16:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_18:
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.1_23 (for customers with Solaris 8 and Vintage Support Offering support contracts):
http://java.sun.com/j2se/1.3/download.html

Reported by

1) The vendor credits Fujitsu
4) The vendor credits:
* John Heasman of NGSSoftware
* An anonymous researcher, reporting via ZDI
5) Peter Csepely, reporting via ZDI
6) The vendor credits John Heasman of NGSSoftware
7) The vendor credits Gregory Fleischer
10) The vendor credits John Heasman of NGSSoftware

Original Advisory

Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-042/
http://www.zerodayinitiative.com/advisories/ZDI-08-043/