CERT-In Advisory CIAD-2008-14
Sun Java Multiple Privilege Escalation Vulnerabilities

Original issue date: March 11, 2008

Severity Rating: Medium

Systems Affected

•  Java Web Start 1.x
•  Java Web Start 6.x
•  Sun Java JDK 1.5.x
•  Sun Java JDK 1.6.x
•  Sun Java JRE 1.4.x
•  Sun Java JRE 1.5.x / 5.x
•  Sun Java JRE 1.6.x / 6.x
•  Sun Java SDK 1.4.x


Overview

Multiple vulnerabilities have been reported in Sun Java Software Development Kit (SDK), Java Development Kit (JDK), and Java Runtime Environment (JRE) that a remote attacker could exploit to cause a denial of service or take control of the vulnerable system in the context of the logged-in user.

Description

Multiple vulnerabilities exist due to unspecified errors in various Sun Java SDK, JDK, and JRE environments.

1. Java Un-trusted Applet Vulnerability
(CVE-2008-1185, CVE-2008-1186)

This vulnerability is caused by unspecified errors in the Java Runtime Environment Virtual Machine while handling Java applets. An attacker could exploit this vulnerability via specially crafted applets or applications by enticing a user to open them. Successful exploitation of this vulnerability would allow the attacker to escalate privileges and gain unauthorized access to read and write local files or execute local applications.

2. JRE XSLT Transformation Vulnerability
(CVE-2008-1187)

This vulnerability is caused by an error in the Java Runtime Environment (JRE) while handling XSLT transformations. An attacker could exploit this vulnerability via specially crafted applets or applications by enticing a user to open them. Successful exploitation of this vulnerability would allow the attacker to escalate privileges and gain unauthorized access to read and write certain URL resources (such as some files and web pages).

3. Java Web Start Vulnerability
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191)

This vulnerability is caused by buffer overflow errors in Java Web Start while handling certain applications. An attacker could exploit this vulnerability via specially crafted web sites by enticing a user to visit the web page. Successful exploitation of this vulnerability would allow the attacker to escalate privileges and gain unauthorized access to read and write local files or execute local applications.

4. Java Plug-in Unspecified Error Vulnerability
(CVE-2008-1192)

This vulnerability is caused by an origin policy bypass error in the Java Plug-in. An attacker could exploit this vulnerability via specially crafted applets or applications by enticing a user to open them. Successful exploitation of this vulnerability would allow the attacker to escalate privileges and gain unauthorized access to read and write local files or execute local applications.

5. JRE Image Processing Library Vulnerability
(CVE-2008-1193, CVE-2008-1194)

This vulnerability is caused by errors in the Java Runtime Environment (JRE) image parsing and color management libraries during the processing of ICC profiles. An attacker could exploit this vulnerability via specially crafted files or applications by enticing a user to download them. Successful exploitation would crash the Java Virtual Machine (JVM) and allow the attacker to gain unauthorized access to read and write local files or execute local applications.

6. JRE JavaScript Code Vulnerability
(CVE-2008-1195)

This vulnerability is caused by an error in the handling of JavaScript code that makes connections from within a browser. An attacker could exploit this vulnerability via a specially crafted JavaScript file that makes connections to network services through Java APIs. Successful exploitation of this vulnerability would result in unauthorized access to read and write local files or execute local applications.

7. Java Web Start JNLP Files Vulnerability
(CVE-2008-1196)

This vulnerability is caused by a boundary error in Java Web Start while handling JNLP files. An attacker could exploit this vulnerability via specially crafted files by enticing a user to open them. Successful exploitation of this vulnerability would result in unauthorized access to read and write local files or execute local applications.

Solution

Update to the higher versions mentioned in the Sun advisory:
JDK and JRE 6 Update 5:
http://java.sun.com/javase/downloads/index.jsp

JDK and JRE 5.0 Update 15:
http://java.sun.com/javase/downloads/index_jdk5.jsp

SDK and JRE 1.4.2_17:
http://java.sun.com/j2se/1.4.2/download.html
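
A version check against the fixed releases listed above, as an added example that is not part of the CERT-In or Sun advisory. It assumes Sun's version-string convention (JDK 6 Update 5 reports 1.6.0_05, 5.0 Update 15 reports 1.5.0_15); the host names and banners are constructed sample input.

```python
import re

# Fixed releases from the Solution section, keyed by release family.
# Assumption: Sun's version strings, i.e. "6 Update 5" reports 1.6.0_05
# and "5.0 Update 15" reports 1.5.0_15.
FIXED = {(1, 6): (0, 5), (1, 5): (0, 15), (1, 4): (2, 17)}

VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return (major, minor, micro, update) from `java -version` output."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def assess(banner):
    """Classify a banner as vulnerable, fixed, not-covered or unparsed."""
    version = parse_java_version(banner)
    if version is None:
        return "unparsed"
    family, build = version[:2], version[2:]
    if family not in FIXED:
        # Release family not listed under "Systems Affected" on this page.
        return "not-covered"
    return "fixed" if build >= FIXED[family] else "vulnerable"


# Constructed sample inventory: host name -> first line of `java -version`.
SAMPLE_INVENTORY = {
    "build-01": 'java version "1.6.0_03"',
    "app-02": 'java version "1.6.0_05"',
    "legacy-03": 'java version "1.4.2_16"',
    "desk-04": 'java version "1.5.0_15"',
    "kiosk-05": 'java version "1.3.1_20"',
}


def hosts_needing_update(inventory):
    """Return the sorted host names whose Java build predates the fix."""
    return sorted(h for h, b in inventory.items() if assess(b) == "vulnerable")


if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        print(f"{host}: {assess(banner)}")
```

A host can carry several Java installations, so the check should be run against every installed runtime rather than only the one on the default path.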

Vendor Information

Sun
http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1



References

FrSIRT
http://www.frsirt.com/english/advisories/2008/0770

Secunia
http://secunia.com/advisories/29239/

US-CERT
http://www.us-cert.gov/cas/techalerts/TA08-066A.html

SecurityFocus
http://www.securityfocus.com/bid/28083

SecurityTracker
http://www.securitytracker.com/alerts/2008/Mar/1019555.html
http://www.securitytracker.com/alerts/2008/Mar/1019553.html

ZDNET
http://blogs.zdnet.com/security/?p=933

CVE-Name
CVE-2008-1185
CVE-2008-1186
CVE-2008-1187
CVE-2008-1188
CVE-2008-1189
CVE-2008-1190
CVE-2008-1191
CVE-2008-1192
CVE-2008-1193
CVE-2008-1194
CVE-2008-1195
CVE-2008-1196

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003