Java Web Start Bugs Let Remote Users Gain Privileges on the Target System
|
|
SecurityTracker Alert ID: 1020452
|
|
SecurityTracker URL: http://securitytracker.com/id?1020452
|
|
CVE Reference: CVE-2008-3111
, CVE-2008-3112
, CVE-2008-3113
, CVE-2008-3114
(Links to External Site)
|
Updated: Jul 10 2008
|
Original Entry Date: Jul 9 2008
|
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Sun Alert
|
Version(s): prior to versions 6 Update 7, 5.0 Update 16, and 1.4.2_18
|
Description: Several vulnerabilities were reported in Java Web Start. A remote user can read, write, and delete files and execute applications on the target user's system.
A remote user can create a specially crafted application that, when loaded by the target user, will trigger a buffer overflow and
gain elevated privileges on the target user's system. This can be exploited to read and write files on the target user's system
and execute applications on the target user's system with the privileges of the target user.
Other vulnerabilities allow a remote
user to create arbitrary files on the target user's system, delete arbitrary files on the target user's system, and determine the
location of the Java Web Start cache.
John Heasman of NGSSoftware reported one of these vulnerabilities. Peter Csepely reported
one vulnerability via TippingPoint. An anonymous researcher reported one of these vulnerabilities via TippingPoint.
|
Impact: A remote user can read, write, and delete files and execute applications on the target user's system with the privileges of the target user.
|
Solution: Sun has issued the following fix.
* JDK and JRE 6 Update 7 or later
* JDK and JRE 5.0 Update 16 or later
* SDK and
JRE 1.4.2_18 or later
[Editor's note: Some of the vulnerabilities were fixed in earlier versions.]
JDK and JRE 6 Update 7
is available for download at the following links:
http://java.sun.com/javase/downloads/index.jsp
http://java.com/
JRE 6
Updates are available through the Java Update tool for Microsoft Windows users.
JDK 6 Update 7 for Solaris is available in the
following patches:
* Java SE 6 Update 7 (as delivered in patch 125136-09 or later)
* Java SE 6 Update 7 (as delivered
in patch 125137-09 or later (64bit))
* Java SE 6_x86 Update 7 (as delivered in patch 125138-09 or later)
* Java SE 6_x86
Update 7 (as delivered in patch 125139-09 or later (64bit))
JDK and JRE 5.0 Update 16 is available for download at the following
links:
http://java.sun.com/javase/downloads/index_jdk5.jsp
JDK 5.0 Update 16 for Solaris will be available in the following
patches:
J2SE 5.0 Update 16 (as delivered in patch 118666-17)
J2SE 5.0 Update 16 (as delivered in patch 118667-17 (64bit))
J2SE
5.0_x86 Update 16 (as delivered in patch 118668-17)
J2SE 5.0_x86 Update 16 (as delivered in patch 118669-17 (64bit))
SDK and
JRE 1.4.2 is available for download at:
http://java.sun.com/j2se/1.4.2/download.html
Note: When installing a new version of
the product from a source other than a Solaris patch, it is recommended that the old affected versions be removed from your system.
To remove old affected versions on the Windows platform, please see:
http://java.com/en/download/help/uninstall_java.xml
The
vendor's advisory is available at:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
|
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1 (Links to External Site)
|
Cause: Access control error, Boundary error
|
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 9 Jul 2008 14:40:40 -0400
Subject: http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1
|
|
|
