BEA JRockit Java Virtual Machine Unspecified Stack Buffer Overflow Vulnerability
BID:22077
Info
| Bugtraq ID: | 22077 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 16 2007 12:00AM |
| Updated: | Jan 16 2007 11:00PM |
| Credit: | Wade Alcorn and Marcus Pinto of NGSSoftware are credited with the discovery of this vulnerability. |
| Vulnerable: | BEA Systems Weblogic Server 8.1; BEA Systems WebLogic Platform 8.1; BEA Systems WebLogic Express 8.1; BEA Systems JRockit 1.4.2_05 |
| Not Vulnerable: | |
Discussion
BEA JRockit is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application. Failed attempts will likely crash the application, resulting in denial-of-service conditions.
BEA JRockit 1.4.2 R4.5 and prior versions are vulnerable to this issue. WebLogic Server, Express, and Platform version 8.1 through Service Pack 5 are also vulnerable.
Exploit / POC
Solution / Fix
Solution:
The vendor released an advisory and fixes to address this issue. Please see the references for more information.
- BEA Systems Weblogic Server 8.1: BEA WebLogic Server, http://commerce.bea.com/showallversions.jsp?family=WLS
- BEA Systems WebLogic Express 8.1: BEA WebLogic Server, http://commerce.bea.com/showallversions.jsp?family=WLS
- BEA Systems JRockit 1.4.2_05
- BEA Systems WebLogic Platform 8.1: BEA WebLogic Platform, http://commerce.bea.com/showallversions.jsp?family=WLP
References
References:
- Bea Homepage (Bea)
- JRockit Homepage (BEA Systems)
- Weblogic (BEA Systems)
- Security Advisory: BEA07-155.00 (BEA Systems)