Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
BID:21675
Info
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
| Bugtraq ID: | 21675 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6731 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 19 2006 12:00AM |
| Updated: | Mar 19 2015 08:34AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10 Sun SDK (Linux Production Release) 1.5 _07 Sun SDK (Linux Production Release) 1.5 _03 Sun SDK (Linux Production Release) 1.5 _02 Sun SDK (Linux Production Release) 1.5 _01 Sun SDK (Linux Production Release) 1.5 Sun SDK (Linux Production Release) 1.4.2 _08 Sun SDK (Linux Production Release) 1.4.2 _07 Sun SDK (Linux Production Release) 1.4.2 _06 Sun SDK (Linux Production Release) 1.4.2 _05 Sun SDK (Linux Production Release) 1.4.2 _04 Sun SDK (Linux Production Release) 1.4.2 _03 Sun SDK (Linux Production Release) 1.4.2 _02 Sun SDK (Linux Production Release) 1.4.2 _01 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _05 Sun JRE (Linux Production Release) 1.5 _04 Sun JRE (Linux Production Release) 1.5 _03 Sun JRE (Linux Production Release) 1.5 _02 Sun JRE (Linux Production Release) 1.5 _01 Sun JRE (Linux Production Release) 1.4.2 _10-b03 Sun JRE (Linux Production Release) 1.4.2 _09 Sun JRE (Linux Production Release) 1.4.2 _08 Sun JRE (Linux Production Release) 1.4.2 _07 Sun JRE (Linux Production Release) 1.4.2 _06 Sun JRE (Linux Production Release) 1.4.2 _05 Sun JRE (Linux Production Release) 1.4.2 _04 Sun JRE (Linux Production Release) 1.4.2 _03 Sun JRE (Linux Production Release) 1.4.2 _02 Sun JRE (Linux Production Release) 1.4.2 _01 Sun JRE (Linux Production Release) 1.3.1 _18 Sun JRE (Linux Production Release) 1.3.1 _17 Sun JRE (Linux Production Release) 1.3.1 _16 Sun JRE (Linux Production Release) 1.3.1 _15 Sun JRE (Linux Production Release) 1.3.1 _08 Sun JRE (Linux Production Release) 1.3.1 _04 Sun JRE (Linux Production Release) 1.3.1 _01a Sun JRE (Linux Production Release) 1.3.1 _01 Sun JRE (Linux Production Release) 1.4.2_11 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 HP HP-UX B.11.23 HP HP-UX B.11.11 Gentoo Linux BEA Systems JRockit 8.1 BEA Systems JRockit 8.0 BEA Systems JRockit 7.0 BEA Systems JRockit 3.1.5 BEA Systems JRockit 3.1.4 .1 BEA Systems JRockit 3.1.4 BEA Systems JRockit 3.1.3 BEA Systems JRockit 3.1.2 BEA Systems JRockit 3.1.1 BEA Systems JRockit 1.4.2 BEA Systems JRockit 1.4.2 R4.5 Avaya Predictive Dialer 0 Avaya Interactive Response 1.3 Avaya Interactive Response 2.0 Avaya Integrated Management Avaya CVLAN Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 |
| Not Vulnerable: |
Sun SDK (Linux Production Release) 1.3.1 _19 Sun SDK (Linux Production Release) 1.5.0_08 Sun SDK (Linux Production Release) 1.4.2_13 Sun JRE (Linux Production Release) 1.3.1 _19 Sun JRE (Linux Production Release) 1.5.0_08 Sun JRE (Linux Production Release) 1.4.2_13 BEA Systems JRockit 1.4.2 07 BEA Systems JRockit 1.3.1 20 BEA Systems JRockit 1.5.0_04 |
Discussion
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
The Java Runtime Environment is prone to multiple buffer-overflow vulnerabilities the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
A local attacker can exploit these issues to execute arbitrary code with administrative privileges. A successful exploit attempt will lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.
The Java Runtime Environment is prone to multiple buffer-overflow vulnerabilities the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
A local attacker can exploit these issues to execute arbitrary code with administrative privileges. A successful exploit attempt will lead to the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.
Exploit / POC
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
Solution:
Sun Microsystems has released an advisory and updates to address these issues. Please see the references for more information.
BEA Systems JRockit 1.4.2 R4.5
BEA Systems JRockit 1.4.2
Apple Mac OS X 10.4.10
Apple Mac OS X Server 10.4.10
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Solution:
Sun Microsystems has released an advisory and updates to address these issues. Please see the references for more information.
BEA Systems JRockit 1.4.2 R4.5
-
BEA Systems CR310095_CR318640_CR315192_JR-R24.5_1.4.2_08_linux32.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/ CR310095_CR318640_CR315192_JR-R24.5_1.4.2_08_linux32.tar.gz
BEA Systems JRockit 1.4.2
-
BEA Systems CR310095_CR318640_CR315192_JR-R24.5_1.4.2_08_linux32.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/ CR310095_CR318640_CR315192_JR-R24.5_1.4.2_08_linux32.tar.gz
Apple Mac OS X 10.4.10
-
Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat= 1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
Apple Mac OS X Server 10.4.10
-
Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat= 1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
Apple Mac OS X 10.4.11
-
Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat= 1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
Apple Mac OS X Server 10.4.11
-
Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat= 1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
References
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
References:
References:
- Java 2 Homepage (Sun)
- Sun Alert ID 102729 (Security Vulnerabilities in the Java Runtime Environment ma (Sun Microsystems)
- About the security content of Java Release 6 for Mac OS X 10.4 (Apple)
- ASA-2007-021 - Security Vulnerabilities in the Java Runtime Environment may Allo (Avaya)
- ASA-2007-119 HP-UX Java (JRE and JDK) Remote Execution of Arbitrary Code (HPSBUX (Avaya)
- RHSA-2007:0062-2: java-1.4.2-ibm security update (Red Hat)
- RHSA-2007:0072-2: IBMJava2 security update (Red Hat)
- Technical Cyber Security Alert TA07-022A - Sun Updates for Multiple Vulnerabilit (US-CERT)
- Vulnerability Note VU#939609 - Sun Java JRE vulnerable to arbitrary code executi (US-CERT)