SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Your Ad Here
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  OS (Other)  >  Java Runtime Environment (JRE) Vendors:  Sun
Sun Java Virtual Machine Can Be Crashed By Malicious Java Code
SecurityTracker Alert ID:  1003418
SecurityTracker URL:  http://securitytracker.com/id?1003418
CVE Reference:  CVE-2002-2072   (Links to External Site)
Updated:  May 20 2008
Original Entry Date:  Feb 1 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Version(s): JRE 1.2.2 and JRE 1.3.1
Description:  A denial of service vulnerability was reported in Sun's Java Virtual Machine (JVM) where malicious Java code can cause the JVM to crash.

SecurityFocus reported that a remote user can create a malicious Java code that will cause the Sun JVM to crash when the program is run.

A demonstration exploit can be found at:

http://ohhara.sarang.net/security/jvmcrash.txt

SecurityFocus noted that this was posted to the Bugtraq mailing list by Taeho Oh <ohhara@postech.edu>. [Editor's note: We were unable to find a copy of any such message on the Bugtraq list. However, the author has confirmed sending the message to Bugtraq.]
Impact:  A remote user can create Java code that will cause another user's JVM to crash when the Java is executed on that other user's host.
Solution:  No solution was available at the time of this entry.
Vendor URL:  java.sun.com/ (Links to External Site)
Cause:  Exception handling error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Underlying OS Comments:  Tested on Linux
Reported By:  ohhara@postech.edu
Message History:   None.

 Source Message Contents
Date:  Fri, 01 Feb 2002 02:50:55 -0500
From:  *
Subject:  Sun Java Virtual Machine Segmentation Violation Vulnerability

 

SecurityFocus reported a denial of service vulnerability in Sun's Java
Virtual Machine (JVM), affecting JRE 1.2.2 and JRE 1.3.1.

A remote user can create a malicious Java code that will cause the Sun
JVM to crash when the program is run.

This bug was reportedly demonstrated on the Linux operating system.

A demonstration exploit can be found at:

http://www.securityfocus.com/data/vulnerabilities/exploits/CrashMe.java

The vendor's web site is:

http://java.sun.com


SecurityFocus noted that this was posted to the Bugtraq mailing list by
Taeho Oh <ohhara@postech.edu>.  [Editor's note:  We were unable to find
a copy of any such message on the Bugtraq list.]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2007, SecurityGlobal.net LLC