SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Sun
(Apple Issues Fix) Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System
SecurityTracker Alert ID:  1022402
SecurityTracker URL:  http://securitytracker.com/id/1022402
CVE Reference:   CVE-2009-1098, CVE-2009-1099   (Links to External Site)
Date:  Jun 15 2009
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 6 Update 13
Description:   A vulnerability was reported in Java Runtime Environment (JRE). A remote user can read/write files and execute applications on the target user's system.

A remote user can create a specially crafted applet or Java Web Start application that, when loaded by the target user, will gain elevated privileges on the target system. The application can access files and web pages and potentially execute arbitrary code on the target system.

PNG and GIF images are affected.

Fonts are affected.

regenrecht working with iDefense VCP reported some of these vulnerabilities. Sean Larsson of iDefense reported one of these vulnerabilities.

Impact:   A remote user can create an application that, when loaded by the target user via the command line, will read/write files and execute applications on the target user's system with the privileges of the target user.
Solution:   Apple has issued a fix (Java for Mac OS X 10.4 Release 9) for CVE-2009-1098 and CVE-2009-1099, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site at:

http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.4Release9.dmg
Its SHA-1 digest is: cc470c07eb67f66b4980cea2a6566a7b0e4bf755

The Apple advisory will be available at:

http://support.apple.com/kb/HT1222

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-66-254571-1 (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.4.x

Message History:   This archive entry is a follow-up to the message listed below.
Mar 25 2009 Java Runtime Environment (JRE) Buffer Overflow in Processing Image Files and Fonts Lets Remote Users Gain Privileges on the Target System



 Source Message Contents

Subject:  APPLE-SA-2009-06-15-2 Java for Mac OS X 10.4 Release 9


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2009-06-15-2 Java for Mac OS X 10.4 Release 9

Java for Mac OS X 10.4 Release 9 is now available and addresses the
following:

Java
CVE-ID:  CVE-2009-1107, CVE-2008-5352, CVE-2008-5356, CVE-2008-5353,
CVE-2008-5354, CVE-2008-5357, CVE-2008-5359, CVE-2009-1104,
CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2009-1103,
CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5348,
CVE-2009-1101, CVE-2009-1100, CVE-2009-1100, CVE-2009-1099,
CVE-2009-1098, CVE-2009-1095, CVE-2009-1096, CVE-2009-1094,
CVE-2009-1093, CVE-2008-5341, CVE-2008-5339, CVE-2008-5360
Available for:
Mac OS X v10.4.11 with Java for Mac OS X 10.4 Release 8,
Mac OS X Server v.10.4.11 with Java for Mac OS X 10.4 Release 8
Impact:  Multiple vulnerabilities in Java 1.5.0_16
Description:  Multiple vulnerabilities exist in Java 1.5.0_16, the
most serious of which may allow an untrusted Java applet to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted untrusted Java applet may lead to arbitrary code execution
with the privileges of the current user. These issues are addressed
by updating Java 1.5 to version 1.5.0_19. Further information is
available via the Sun Java website at
http://java.sun.com/j2se/1.5.0/ReleaseNotes.html

Java
CVE-ID:  CVE-2008-5342, CVE-2008-5356, CVE-2008-5353, CVE-2008-5354,
CVE-2008-5357, CVE-2008-5340, CVE-2008-5359, CVE-2009-1104,
CVE-2008-5360, CVE-2008-5344, CVE-2008-5345, CVE-2008-2086,
CVE-2008-5346, CVE-2009-1103, CVE-2008-5350, CVE-2008-5351,
CVE-2008-5348, CVE-2009-1100, CVE-2009-1100, CVE-2009-1098,
CVE-2009-1094, CVE-2009-1093, CVE-2008-5343, CVE-2008-5339
Available for:
Mac OS X v10.4.11 with Java for Mac OS X 10.4 Release 8,
Mac OS X Server v.10.4.11 with Java for Mac OS X 10.4 Release 8
Impact:  Multiple vulnerabilities in Java 1.4.2_18
Description:  Multiple vulnerabilities exist in Java 1.4.2_18, the
most serious of which may allow an untrusted Java applet to obtain
elevated privileges. Visiting a web page containing a maliciously
crafted untrusted Java applet may lead to arbitrary code execution
with the privileges of the current user. These issues are addressed
by updating Java 1.4 to version 1.4.2_21. Further information is
available via the Sun Java website at
http://java.sun.com/j2se/1.4.2/ReleaseNotes.html


Java for Mac OS X 10.4 Release 9 may be obtained from the Software
Update pane in System Preferences, or Apple's Software Downloads
web site: http://www.apple.com/support/downloads/

The download file is named: JavaForMacOSX10.4Release9.dmg
Its SHA-1 digest is: cc470c07eb67f66b4980cea2a6566a7b0e4bf755

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

Security-announce mailing list      (Security-announce@lists.apple.com)
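The two checks a Mac administrator would run after reading this alert are (1) whether an installed JRE is at or above the fixed update named in the Apple advisory (1.5.0_19 for the Java 1.5 family, 1.4.2_21 for Java 1.4) and (2) whether the downloaded JavaForMacOSX10.4Release9.dmg matches the published SHA-1 digest. The script below is an added example, not Apple's or SecurityTracker's code; it assumes `java -version` output in the usual `java version "1.5.0_16"` form and that other Java families (e.g. 1.6) are outside this advisory's scope.

```python
import hashlib
import re
import subprocess

# Fixed versions per Java family, as stated in the Apple advisory above.
FIXED_VERSIONS = {
    (1, 5): (1, 5, 0, 19),   # Java 1.5 fixed in 1.5.0_19
    (1, 4): (1, 4, 2, 21),   # Java 1.4 fixed in 1.4.2_21
}

# Published SHA-1 digest of JavaForMacOSX10.4Release9.dmg (from the advisory).
PUBLISHED_DMG_SHA1 = "cc470c07eb67f66b4980cea2a6566a7b0e4bf755"

# Matches e.g. java version "1.5.0_16" (a -bNN build suffix is tolerated).
_VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)_(\d+)[^"]*"')

def parse_java_version(version_output):
    """Return (major, minor, micro, update) from `java -version` text, or None."""
    m = _VERSION_RE.search(version_output)
    return tuple(int(g) for g in m.groups()) if m else None

def is_patched(version_output):
    """True/False if the JRE family is covered by this advisory and at/above
    the fixed update; None if the version is unparseable or a different family."""
    v = parse_java_version(version_output)
    if v is None:
        return None
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return None
    return v >= fixed           # tuple comparison: (1,5,0,16) < (1,5,0,19)

def sha1_hex(stream):
    """Stream a file-like object through SHA-1 in 1 MiB chunks (the .dmg is large)."""
    h = hashlib.sha1()
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        h.update(chunk)
    return h.hexdigest()

def dmg_matches(path, expected_hex=PUBLISHED_DMG_SHA1):
    """Compare the file's SHA-1 with the published digest (case-insensitive)."""
    with open(path, "rb") as f:
        return sha1_hex(f) == expected_hex.lower()

if __name__ == "__main__":
    # `java -version` writes its banner to stderr, not stdout.
    out = subprocess.run(["java", "-version"], capture_output=True, text=True).stderr
    print("JRE patched for this advisory:", is_patched(out))
```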
Copyright 2021, SecurityGlobal.net LLC