Sun Java Web Start Multiple Vulnerabilities
BID:30148
Info
Sun Java Web Start Multiple Vulnerabilities
| Bugtraq ID: | 30148 |
| Class: | Unknown |
| CVE: |
CVE-2008-3111 CVE-2008-3112 CVE-2008-3113 CVE-2008-3114 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 08 2008 12:00AM |
| Updated: | Mar 19 2015 08:13AM |
| Credit: | John Heasman, Peter Csepely and an anonymous researcher |
| Vulnerable: |
VMWare VirtualCenter 2.0.2 VMWare VirtualCenter 2.5 Update 5 VMWare VirtualCenter 2.5 Update 2 VMWare VirtualCenter 2.5 Update 1 VMWare VirtualCenter 2.5 VMWare VirtualCenter 2.0.2 Update 5 VMWare VirtualCenter 2.0.2 Update 4 VMWare VirtualCenter 2.0.2 Update 3 VMWare VirtualCenter 2.0.2 Update 2 VMWare VirtualCenter 2.0.2 Update 1 VMWare ESX Server 3.0.3 VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 3.5 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE Suse Linux Enterprise Desktop 10 SP2 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE SUSE Linux Enterprise 10 Sun SDK (Windows Production Release) 1.4.2 _15 Sun SDK (Windows Production Release) 1.4.2 _10 Sun SDK (Windows Production Release) 1.4.2 _09 Sun SDK (Windows Production Release) 1.4.2 _08 Sun SDK (Windows Production Release) 1.4.2 _05 Sun SDK (Windows Production Release) 1.4.2 _04 Sun SDK (Windows Production Release) 1.4.2 _03 Sun SDK (Windows Production Release) 1.4.2 Sun SDK (Windows Production Release) 1.4.2_17 Sun SDK (Windows Production Release) 1.4.2_16 Sun SDK (Windows Production Release) 1.4.2_14 Sun SDK (Windows Production Release) 1.4.2_13 Sun SDK (Windows Production Release) 1.4.2_12 Sun SDK (Windows Production Release) 1.4.2_11 Sun SDK (Solaris Production Release) 1.4.2 _15 Sun SDK (Solaris Production Release) 1.4.2 _10 Sun SDK (Solaris Production Release) 1.4.2 _09 Sun SDK (Solaris Production Release) 1.4.2 _08 Sun SDK (Solaris Production Release) 1.4.2 _05 Sun SDK (Solaris Production Release) 1.4.2 _04 Sun SDK (Solaris Production Release) 1.4.2 _03 Sun SDK (Solaris Production Release) 1.4.2 Sun SDK (Solaris Production Release) 1.4.2_17 Sun SDK (Solaris Production Release) 1.4.2_16 Sun SDK (Solaris Production Release) 1.4.2_14 Sun SDK (Solaris Production Release) 1.4.2_13 Sun SDK (Solaris Production Release) 1.4.2_12 Sun SDK (Solaris Production Release) 1.4.2_11 Sun SDK (Linux Production Release) 1.4.2 _15 Sun SDK (Linux Production Release) 1.4.2 _10 Sun SDK (Linux Production Release) 1.4.2 _09 Sun SDK (Linux Production Release) 1.4.2 _08 Sun SDK (Linux Production Release) 1.4.2 _05 Sun SDK (Linux Production Release) 1.4.2 _04 Sun SDK (Linux Production Release) 1.4.2 _03 Sun SDK (Linux Production Release) 1.4.2 _02 Sun SDK (Linux Production Release) 1.4.2 _01 Sun SDK (Linux Production Release) 1.4.2 Sun SDK (Linux Production Release) 1.4.2_17 Sun SDK (Linux Production Release) 1.4.2_16 Sun SDK (Linux Production Release) 1.4.2_14 Sun SDK (Linux Production Release) 1.4.2_13 Sun SDK (Linux Production Release) 1.4.2_12 Sun SDK (Linux Production Release) 1.4.2_11 Sun JRE (Windows Production Release) 1.4.2 _10 Sun JRE (Windows Production Release) 1.4.2 _09 Sun JRE (Windows Production Release) 1.4.2 _08 Sun JRE (Windows Production Release) 1.4.2 _07 Sun JRE (Windows Production Release) 1.4.2 _06 Sun JRE (Windows Production Release) 1.4.2 _05 Sun JRE (Windows Production Release) 1.4.2 _04 Sun JRE (Windows Production Release) 1.4.2 _03 Sun JRE (Windows Production Release) 1.4.2 _02 Sun JRE (Windows Production Release) 1.4.2 _01 Sun JRE (Windows Production Release) 1.4.2 Sun JRE (Windows Production Release) 1.4.2_17 Sun JRE (Windows Production Release) 1.4.2_16 Sun JRE (Windows Production Release) 1.4.2_15 Sun JRE (Windows Production Release) 1.4.2_14 Sun JRE (Windows Production Release) 1.4.2_13 Sun JRE (Windows Production Release) 1.4.2_12 Sun JRE (Windows Production Release) 1.4.2_11 Sun JRE (Solaris Production Release) 1.5 _15 Sun JRE (Solaris Production Release) 1.4.2 _10 Sun JRE (Solaris Production Release) 1.4.2 _09 Sun JRE (Solaris Production Release) 1.4.2 _08 Sun JRE (Solaris Production Release) 1.4.2 _07 Sun JRE (Solaris Production Release) 1.4.2 _06 Sun JRE (Solaris Production Release) 1.4.2 _05 Sun JRE (Solaris Production Release) 1.4.2 _04 Sun JRE (Solaris Production Release) 1.4.2 _03 Sun JRE (Solaris Production Release) 1.4.2 _02 Sun JRE (Solaris Production Release) 1.4.2 _01 Sun JRE (Solaris Production Release) 1.4.2 Sun JRE (Solaris Production Release) 1.4.2_17 Sun JRE (Solaris Production Release) 1.4.2_16 Sun JRE (Solaris Production Release) 1.4.2_15 Sun JRE (Solaris Production Release) 1.4.2_14 Sun JRE (Solaris Production Release) 1.4.2_13 Sun JRE (Solaris Production Release) 1.4.2_12 Sun JRE (Solaris Production Release) 1.4.2_11 Sun JRE (Linux Production Release) 1.6 _06 Sun JRE (Linux Production Release) 1.6 _05 Sun JRE (Linux Production Release) 1.6 _04 Sun JRE (Linux Production Release) 1.5 _15 Sun JRE (Linux Production Release) 1.5 _07 Sun JRE (Linux Production Release) 1.5 _06 Sun JRE (Linux Production Release) 1.4.2 _10-b03 Sun JRE (Linux Production Release) 1.4.2 _10 Sun JRE (Linux Production Release) 1.4.2 _09 Sun JRE (Linux Production Release) 1.4.2 _08 Sun JRE (Linux Production Release) 1.4.2 _07 Sun JRE (Linux Production Release) 1.4.2 _06 Sun JRE (Linux Production Release) 1.4.2 _05 Sun JRE (Linux Production Release) 1.4.2 _04 Sun JRE (Linux Production Release) 1.4.2 _03 Sun JRE (Linux Production Release) 1.4.2 _02 Sun JRE (Linux Production Release) 1.4.2 _01 Sun JRE (Linux Production Release) 1.4.2 Sun JRE (Linux Production Release) 1.6.0_03 Sun JRE (Linux Production Release) 1.6.0_02 Sun JRE (Linux Production Release) 1.6.0_01 Sun JRE (Linux Production Release) 1.5.0_14 Sun JRE (Linux Production Release) 1.5.0_13 Sun JRE (Linux Production Release) 1.5.0_12 Sun JRE (Linux Production Release) 1.5.0_11 Sun JRE (Linux Production Release) 1.5.0_10 Sun JRE (Linux Production Release) 1.5.0_09 Sun JRE (Linux Production Release) 1.5.0_08 Sun JRE (Linux Production Release) 1.4.2_17 Sun JRE (Linux Production Release) 1.4.2_16 Sun JRE (Linux Production Release) 1.4.2_15 Sun JRE (Linux Production Release) 1.4.2_14 Sun JRE (Linux Production Release) 1.4.2_13 Sun JRE (Linux Production Release) 1.4.2_12 Sun JRE (Linux Production Release) 1.4.2_11 Sun JDK (Solaris Production Release) 1.5 _15 Sun JDK (Linux Production Release) 1.6 _06 Sun JDK (Linux Production Release) 1.6 _05 Sun JDK (Linux Production Release) 1.6 _04 Sun JDK (Linux Production Release) 1.6 _01 Sun JDK (Linux Production Release) 1.6 Sun JDK (Linux Production Release) 1.5 0_10 Sun JDK (Linux Production Release) 1.5 _15 Sun JDK (Linux Production Release) 1.5 _14 Sun JDK (Linux Production Release) 1.5 _07 Sun JDK (Linux Production Release) 1.5 _06 Sun JDK (Linux Production Release) 1.5 _02 Sun JDK (Linux Production Release) 1.5 _01 Sun JDK (Linux Production Release) 1.5 .0_05 Sun JDK (Linux Production Release) 1.6.0_03 Sun JDK (Linux Production Release) 1.6.0_02 Sun JDK (Linux Production Release) 1.5.0_13 Sun JDK (Linux Production Release) 1.5.0.0_12 Sun JDK (Linux Production Release) 1.5.0.0_11 Sun JDK (Linux Production Release) 1.5.0.0_09 Sun JDK (Linux Production Release) 1.5.0.0_08 Sun JDK (Linux Production Release) 1.5.0.0_04 Sun JDK (Linux Production Release) 1.5.0.0_03 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. CORE 9 Redhat Red Hat Network Satellite (for RHEL 4) 5.1 Redhat Enterprise Linux WS Extras 4 Redhat Enterprise Linux WS Extras 3 Redhat Enterprise Linux Supplementary 5 server Redhat Enterprise Linux Extras 4 Redhat Enterprise Linux ES Extras 4 Redhat Enterprise Linux ES Extras 3 Redhat Enterprise Linux Desktop Supplementary 5 client Redhat Enterprise Linux AS Extras 4 Redhat Enterprise Linux AS Extras 3 Redhat Desktop Extras 4 Redhat Desktop Extras 3 Nortel Networks Self-Service Peri CTX 0 Nortel Networks Self-Service MPS 500 0 Nortel Networks Self-Service MPS 1000 0 Nortel Networks Self-Service CCXML 0 Nortel Networks Self Service VoiceXML 0 Nortel Networks MPS Speech Server 6.0 Nortel Networks MPS Manager 0 Nortel Networks MPS Developer 0 Nortel Networks MPS 3.0 Nortel Networks MPS 2.1 Nortel Networks MPS 1.0 Nortel Networks Enterprise VoIP TM-CS1000 Gentoo Linux Avaya Interactive Response 3.0 Avaya Interactive Response 2.0 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 |
| Not Vulnerable: |
VMWare VirtualCenter 2.5.Update 3 build 1 Sun SDK (Windows Production Release) 1.4.2_18 Sun SDK (Solaris Production Release) 1.4.2_18 Sun SDK (Linux Production Release) 1.4.2_18 Sun JRE (Windows Production Release) 1.4.2_18 Sun JRE (Solaris Production Release) 1.4.2_18 Sun JRE (Linux Production Release) 1.6 _07 Sun JRE (Linux Production Release) 1.5 _16 Sun JRE (Linux Production Release) 1.4.2_18 Sun JDK (Linux Production Release) 1.6 _07 Sun JDK (Linux Production Release) 1.5.0_16 |
Discussion
Sun Java Web Start Multiple Vulnerabilities
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.
Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.
This issue affects the following versions:
JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
Sun Java Web Start is prone to multiple vulnerabilities, including buffer-overflow, privilege-escalation, and information-disclosure issues.
Successful exploits may allow attackers to execute arbitrary code, obtain information, or read, write, and execute arbitrary local files in the context of the user running a malicious Web Start application. This may result in a compromise of the underlying system.
This issue affects the following versions:
JDK and JRE 6 Update 6 and earlier
JDK and JRE 5.0 Update 15 and earlier
SDK and JRE 1.4.2_17 and earlier
Exploit / POC
Sun Java Web Start Multiple Vulnerabilities
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Sun Java Web Start Multiple Vulnerabilities
Solution:
Vendor advisory and fixes are available. Please see the references for more information.
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.5.5
Solution:
Vendor advisory and fixes are available. Please see the references for more information.
Apple Mac OS X 10.4.11
-
Apple JavaForMacOSX10.4Release7.dmg
Java for Mac OS X 10.4, Release 7
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg
Apple Mac OS X Server 10.4.11
-
Apple JavaForMacOSX10.4Release7.dmg
Java for Mac OS X 10.4, Release 7
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg
Apple Mac OS X Server 10.5.5
-
Apple JavaForMacOSX10.5Update2.dmg
Java for Mac OS X 10.5 Update 2
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg
References
Sun Java Web Start Multiple Vulnerabilities
References:
References:
- Java Web Start Homepage (Sun Microsystems)
- ZDI-08-042: Sun Java Web Start Sandbox Bypass Vulnerability ([email protected])
- ZDI-08-043: Sun Java Web Start vm args Stack Buffer Overflow ([email protected])
- 2008008988, Rev 2 - Nortel Response to Sun Java JDK / JRE Multiple Vulnerabiliti (Nortel Networks)
- ASA-2008-310 Multiple Security Vulnerabilities in Java Web Start may allow Privi (Avaya)
- Nortel Security Advisory 2008008988, Rev 1 (Nortel)
- RHSA-2008:0594-7 java-1.6.0-sun security update (Red Hat)
- RHSA-2008:0595-3 java-1.5.0-sun security update (Red Hat)
- RHSA-2008:0636-4 Red Hat Network Satellite Server Sun Java Runtime security upda (Red Hat)
- RHSA-2008:0638-4 Red Hat Network Satellite Server IBM Java Runtime security upda (Red Hat)
- RHSA-2008:0790-6 java-1.5.0-ibm security update (Red Hat)
- Solution 238905: Multiple Security Vulnerabilities in Java Web Start may allow P (Sun Microsystems)