Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
BID:25340
Info
| Bugtraq ID: | 25340 |
| Class: | Access Validation Error |
| CVE: | CVE-2007-4381 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 15 2007 12:00AM |
| Updated: | Apr 28 2008 08:46PM |
| Credit: | John Heasman of NGSSoftware is credited with the discovery of this vulnerability. |
| Vulnerable: |
SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise Desktop 10 SP1 Sun SDK (Windows Production Release) 1.4.2 _10 Sun SDK (Windows Production Release) 1.4.2 _09 Sun SDK (Windows Production Release) 1.4.2 _08 Sun SDK (Windows Production Release) 1.4.2 _05 Sun SDK (Windows Production Release) 1.4.2 _04 Sun SDK (Windows Production Release) 1.4.2 _03 Sun SDK (Windows Production Release) 1.4.2 Sun SDK (Windows Production Release) 1.4.2_14 Sun SDK (Windows Production Release) 1.4.2_13 Sun SDK (Windows Production Release) 1.4.2_12 Sun SDK (Windows Production Release) 1.4.2_11 Sun SDK (Solaris Production Release) 1.4.2 _10 Sun SDK (Solaris Production Release) 1.4.2 _09 Sun SDK (Solaris Production Release) 1.4.2 _08 Sun SDK (Solaris Production Release) 1.4.2 _05 Sun SDK (Solaris Production Release) 1.4.2 _04 Sun SDK (Solaris Production Release) 1.4.2 _03 Sun SDK (Solaris Production Release) 1.4.2 Sun SDK (Solaris Production Release) 1.4.2_14 Sun SDK (Solaris Production Release) 1.4.2_13 Sun SDK (Solaris Production Release) 1.4.2_12 Sun SDK (Solaris Production Release) 1.4.2_11 Sun SDK (Linux Production Release) 1.4.2 _10 Sun SDK (Linux Production Release) 1.4.2 _09 Sun SDK (Linux Production Release) 1.4.2 _08 Sun SDK (Linux Production Release) 1.4.2 _05 Sun SDK (Linux Production Release) 1.4.2 _04 Sun SDK (Linux Production Release) 1.4.2 _03 Sun SDK (Linux Production Release) 1.4.2 _02 Sun SDK (Linux Production Release) 1.4.2 _01 Sun SDK (Linux Production Release) 1.4.2 Sun SDK (Linux Production Release) 1.4.2_14 Sun SDK (Linux Production Release) 1.4.2_13 Sun SDK (Linux Production Release) 1.4.2_12 Sun SDK (Linux Production Release) 1.4.2_11 Sun JRE (Windows Production Release) 1.5 _06 Sun JRE (Windows Production Release) 1.5 Sun JRE (Windows Production Release) 1.4.2 _10 Sun JRE (Windows Production Release) 1.4.2 _09 Sun JRE (Windows Production Release) 1.4.2 _08 Sun JRE (Windows Production Release) 1.4.2 _07 Sun JRE 
(Windows Production Release) 1.4.2 _06 Sun JRE (Windows Production Release) 1.4.2 _05 Sun JRE (Windows Production Release) 1.4.2 _05 Sun JRE (Windows Production Release) 1.4.2 _04 Sun JRE (Windows Production Release) 1.4.2 _03 Sun JRE (Windows Production Release) 1.4.2 _02 Sun JRE (Windows Production Release) 1.4.2 _01 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.5.0.0_09 Sun JRE (Windows Production Release) 1.5.0.0_08 Sun JRE (Windows Production Release) 1.5.0.0_07 Sun JRE (Windows Production Release) 1.4.2_14 Sun JRE (Windows Production Release) 1.4.2_13 Sun JRE (Windows Production Release) 1.4.2_12 Sun JRE (Windows Production Release) 1.4.2_11 Sun JRE (Solaris Production Release) 1.5 _06 Sun JRE (Solaris Production Release) 1.5 _01 Sun JRE (Solaris Production Release) 1.5 Sun JRE (Solaris Production Release) 1.4.2 _10 Sun JRE (Solaris Production Release) 1.4.2 _09 Sun JRE (Solaris Production Release) 1.4.2 _08 Sun JRE (Solaris Production Release) 1.4.2 _07 Sun JRE (Solaris Production Release) 1.4.2 _06 Sun JRE (Solaris Production Release) 1.4.2 _05 Sun JRE (Solaris Production Release) 1.4.2 _04 Sun JRE (Solaris Production Release) 1.4.2 _03 Sun JRE (Solaris Production Release) 1.4.2 _02 Sun JRE (Solaris Production Release) 1.4.2 _01 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.5.0.0_09 Sun JRE (Solaris Production Release) 1.5.0.0_08 Sun JRE (Solaris Production Release) 1.5.0.0_07 Sun JRE (Solaris Production Release) 1.4.2_14 Sun JRE (Solaris Production Release) 1.4.2_13 Sun JRE (Solaris Production Release) 1.4.2_12 Sun JRE (Solaris Production Release) 1.4.2_11 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _05 Sun JRE (Linux Production Release) 1.5 _04 Sun JRE (Linux Production Release) 1.5 _03 Sun JRE (Linux Production Release) 1.5 _02 Sun JRE (Linux Production Release) 1.5 _01 Sun JRE (Linux Production Release) 1.4.2 _10-b03 Sun JRE (Linux Production 
Release) 1.4.2 _10 Sun JRE (Linux Production Release) 1.4.2 _09 Sun JRE (Linux Production Release) 1.4.2 _08 Sun JRE (Linux Production Release) 1.4.2 _07 Sun JRE (Linux Production Release) 1.4.2 _06 Sun JRE (Linux Production Release) 1.4.2 _05 Sun JRE (Linux Production Release) 1.4.2 _04 Sun JRE (Linux Production Release) 1.4.2 _03 Sun JRE (Linux Production Release) 1.4.2 _02 Sun JRE (Linux Production Release) 1.4.2 _01 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.5.0_09 Sun JRE (Linux Production Release) 1.5.0_08 Sun JRE (Linux Production Release) 1.4.2_13 Sun JRE (Linux Production Release) 1.4.2_12 Sun JRE (Linux Production Release) 1.4.2_11 Sun JDK (Windows Production Release) 1.5 .0_05 Sun JDK (Windows Production Release) 1.5 .0_04 Sun JDK (Windows Production Release) 1.5 .0_03 Sun JDK (Windows Production Release) 1.5.0.0_09 Sun JDK (Windows Production Release) 1.5.0.0_08 Sun JDK (Windows Production Release) 1.5.0.0_06 Sun JDK (Solaris Production Release) 1.5 0_09 Sun JDK (Solaris Production Release) 1.5 _06 Sun JDK (Solaris Production Release) 1.5 .0_05 Sun JDK (Solaris Production Release) 1.5 .0_04 Sun JDK (Solaris Production Release) 1.5 .0_03 Sun JDK (Linux Production Release) 1.5 _07 Sun JDK (Linux Production Release) 1.5 _06 Sun JDK (Linux Production Release) 1.5 .0_05 Sun JDK (Linux Production Release) 1.5 Sun JDK (Linux Production Release) 1.5.0.0_09 Sun JDK (Linux Production Release) 1.5.0.0_08 Sun JDK (Linux Production Release) 1.5.0.0_04 Sun JDK (Linux Production Release) 1.5.0.0_03 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. 
CORE 9 RedHat Enterprise Linux Extras 4 RedHat Enterprise Linux Extras 3 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Desktop Supplementary 5 client Red Hat Enterprise Linux Desktop 5 client Gentoo Linux BEA Systems JRockit 1.4.2 BEA Systems JRockit R27.3.1 BEA Systems JRockit 5.0 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 |
| Not Vulnerable: |
Sun SDK (Windows Production Release) 1.4.2 _15 Sun SDK (Solaris Production Release) 1.4.2 _15 Sun SDK (Linux Production Release) 1.4.2 _15 Sun JRE (Windows Production Release) 1.5.0_10 Sun JRE (Windows Production Release) 1.4.2_15 Sun JRE (Solaris Production Release) 1.5.0_10 Sun JRE (Solaris Production Release) 1.4.2_15 Sun JRE (Linux Production Release) 1.5.0_10 Sun JRE (Linux Production Release) 1.4.2_15 Sun JDK (Windows Production Release) 1.5 0_10 Sun JDK (Solaris Production Release) 1.5 0_10 Sun JDK (Linux Production Release) 1.5 0_10 |
Discussion
The Sun Java Runtime Environment is prone to a remote privilege-escalation vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the user who invoked the Java applet. Successfully exploiting this issue may result in the remote compromise of affected computers.
Exploit / POC
The following proof-of-concept code is available:
Solution / Fix
Solution:
Sun has released Sun Alert Advisory 103024 with fixes to address this issue. Please see the references for more information.
Sun JRE (Linux Production Release) 1.4.2_11
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Solaris Production Release) 1.4.2_13
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2_13
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun SDK (Solaris Production Release) 1.4.2_13
- Sun j2sdk-1_4_2_15-solaris-sparc.tar.Z
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Windows Production Release) 1.4.2_14
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Windows Production Release) 1.4.2_13
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Windows Production Release) 1.4.2_13
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JDK (Linux Production Release) 1.5.0.0_03
- Sun jdk-1_5_0_12-nb-5_5_1-linux-ml.bin
https://sdlc5b.sun.com/ECom/EComActionServlet;jsessionid=5D507414BA747518D62BE5781B58FB74#
Sun SDK (Windows Production Release) 1.4.2_11
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Solaris Production Release) 1.4.2_12
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Solaris Production Release) 1.4.2_11
- Sun j2sdk-1_4_2_15-solaris-sparc.tar.Z
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
BEA Systems JRockit 5.0
- BEA Systems jrockit-jdk1.5.0_11-linux_ia32.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia32.tar.gz
- BEA Systems jrockit-jdk1.5.0_11-linux_ia64.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_ia64.tar.gz
- BEA Systems jrockit-jdk1.5.0_11-linux_x86_64.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-linux_x86_64.tar.gz
- BEA Systems jrockit-jdk1.5.0_11-solaris_sparcv9.tar.gz
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-solaris_sparcv9.tar.gz
- BEA Systems jrockit-jdk1.5.0_11-windows_ia32.zip
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-windows_ia32.zip
- BEA Systems jrockit-jdk1.5.0_11-windows_ia64.zip
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-windows_ia64.zip
- BEA Systems jrockit-jdk1.5.0_11-windows_x86_64.zip
ftp://anonymous:dev2dev%[email protected]/pub/releases/security/jrockit-jdk1.5.0_11-windows_x86_64.zip
Sun JRE (Linux Production Release) 1.4.2_12
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2_11
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun SDK (Windows Production Release) 1.4.2_12
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Solaris Production Release) 1.4.2 _06
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Windows Production Release) 1.4.2 _10
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun SDK (Windows Production Release) 1.4.2 _05
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Solaris Production Release) 1.4.2 _05
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Linux Production Release) 1.4.2 _01
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Windows Production Release) 1.4.2 _07
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Solaris Production Release) 1.4.2 _08
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Windows Production Release) 1.4.2 _03
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2 _02
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Windows Production Release) 1.4.2 _01
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Windows Production Release) 1.4.2 _02
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Linux Production Release) 1.4.2 _03
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Windows Production Release) 1.4.2 _04
- Sun j2sdk-1_4_2_15-windows-i586-p.exe
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun SDK (Solaris Production Release) 1.4.2 _03
- Sun j2sdk-1_4_2_15-solaris-sparc.tar.Z
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Linux Production Release) 1.4.2 _04
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Windows Production Release) 1.4.2 _05
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Windows Production Release) 1.4.2 _06
- Sun j2re-1_4_2_15-windows-i586-p.exe
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2 _04
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Solaris Production Release) 1.4.2 _04
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Linux Production Release) 1.4.2 _10-b03
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2 _08
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun SDK (Solaris Production Release) 1.4.2 _05
- Sun j2sdk-1_4_2_15-solaris-sparc.tar.Z
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JRE (Linux Production Release) 1.4.2 _02
- Sun j2re-1_4_2_15-linux-i586-rpm.bin
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun JRE (Solaris Production Release) 1.4.2 _03
- Sun j2re-1_4_2_15-solaris-sparc.sh
https://sdlc1a.sun.com/ECom/EComActionServlet;jsessionid=463D64D09B9A2ABB5BB4F5F7931A921D#
Sun SDK (Linux Production Release) 1.4.2 _05
- Sun j2sdk-1_4_2_15-linux-i586-rpm.bin
https://sdlc2d.sun.com/ECom/EComActionServlet;jsessionid=8A80849E676F23C79048581EE9DF1F92#
Sun JDK (Linux Production Release) 1.5 .0_05
- Sun jdk-1_5_0_12-nb-5_5_1-linux-ml.bin
https://sdlc5b.sun.com/ECom/EComActionServlet;jsessionid=5D507414BA747518D62BE5781B58FB74#
Sun JDK (Windows Production Release) 1.5 .0_04
- Sun jdk-1_5_0_12-nb-5_5_1-win-ml.exe
https://sdlc4d.sun.com/ECom/EComActionServlet;jsessionid=C1BA0A1D62A915C144EBD0BDF40F9E7E#
Sun JDK (Solaris Production Release) 1.5 .0_03
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JRE (Linux Production Release) 1.5 _03
- Sun jre-1_5_0_12-linux-i586-rpm.bin
https://sdlc3e.sun.com/ECom/EComActionServlet;jsessionid=E2DD376C02694481F58172E416EE1DDE#
Sun JDK (Solaris Production Release) 1.5 .0_04
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JDK (Solaris Production Release) 1.5 _06
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JDK (Solaris Production Release) 1.5 0_09
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JRE (Windows Production Release) 1.5 _06
- Sun jre-1_5_0_12-windows-i586-p-iftw.exe
https://sdlc3e.sun.com/ECom/EComActionServlet;jsessionid=E2DD376C02694481F58172E416EE1DDE#
Sun JRE (Solaris Production Release) 1.5
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JRE (Linux Production Release) 1.5 _02
- Sun jre-1_5_0_12-linux-i586-rpm.bin
https://sdlc3e.sun.com/ECom/EComActionServlet;jsessionid=E2DD376C02694481F58172E416EE1DDE#
Sun JRE (Solaris Production Release) 1.5 _01
- Sun 118666-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118666-12-1
- Sun 118667-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118667-12-1
- Sun 118668-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118668-12-1
- Sun 118669-12
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-118669-12-1
Sun JRE (Linux Production Release) 1.5 _01
- Sun jre-1_5_0_12-linux-i586-rpm.bin
https://sdlc3e.sun.com/ECom/EComActionServlet;jsessionid=E2DD376C02694481F58172E416EE1DDE#
Apple Mac OS X 10.4.10
- Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat=1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
Apple Mac OS X 10.4.11
- Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat=1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
Apple Mac OS X Server 10.4.11
- Apple Java for Mac OS X 10.4, Release 6
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16540&cat=1&platform=osx&method=sa/JavaForMacOSX10.4Release6.dmg
References
References:
- CVE Request: python-rsa signature forgery (Filippo Valsorda)
- A Cross-browser, Cross-platform, Cross-architecture Bug in the JRE (John Heasman)
- RHSA-2007:0956-3 - java-1.5.0-bea security update (RedHat)
- Security update for IBMJava5-JRE,IBMJava5-SDK (SUSE)
- Sun Java Homepage (Sun Microsystems)
- Memory overwrites in JVM via malformed TrueType font (NGSSoftware Insight Security Research)
- BEA07-177.00 Multiple Security Vulnerabilities in the Java Runtime Environment (BEA Systems)
- RHSA-2007:1086-5 - java-1.4.2-bea security update (RedHat)
- RHSA-2008:0100-4 java-1.4.2-bea security update (Red Hat)
- RHSA-2008:0132-4 - java-1.4.2-ibm security update (Red Hat)
- Sun Alert ID 103024 (Sun Microsystems)