Sun Java Runtime Environment Buffer Overflow in unpack200 Utility Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1021312
SecurityTracker URL: http://securitytracker.com/id?1021312
CVE Reference: CVE-2008-5352
Updated: Dec 5 2008
Original Entry Date: Dec 5 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Advisory: Sun Alert
Version(s): JDK and JRE 6 Update 10 and prior; JDK and JRE 5.0 Update 16 and prior
Description: A vulnerability was reported in Sun Java Runtime Environment (JRE). A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted applet that, when loaded by the target user, will trigger a buffer overflow in the "unpack200" JAR unpacking utility and execute arbitrary code on the target system. The code will run with the privileges of the target user.
The vendor was notified on October 2, 2008.
regenrecht reported this vulnerability via iDefense.
Impact: A remote user can create an applet that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued the following Java SE and Java SE for Business releases for Solaris, Windows and Linux:
* JDK and JRE 6 Update 11 or later
* JDK and JRE 5.0 Update 17 or later
The vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1
Cause: Boundary error
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
Message History:
This archive entry has one or more follow-up message(s) listed below.
Source Message Contents
Date: Thu, 4 Dec 2008 19:03:59 -0500
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-244992-1