CERT-In Advisory CIAD-2008-36
Multiple critical vulnerabilities in Sun Java Development Kit and Java Runtime Environment

Original issue date: July 16, 2008

Severity Rating: High

Systems Affected

  • Java Development Kit (JDK) 6 Update 6 and prior
  • Java Runtime Environment (JRE) 6 Update 6 and prior
  • Java Development Kit (JDK) 5.0 Update 15 and prior
  • Java Runtime Environment (JRE) 5.0 Update 15 and prior
  • Java Standard Development Kit (SDK) 1.4.2_17 and prior
  • Java Runtime Environment (JRE) 1.4.2_17 and prior

Overview

Multiple vulnerabilities have been reported in the Sun Java Development Kit and Java Runtime Environment, which can be exploited by remote attackers to bypass certain security restrictions, disclose system and potentially sensitive information, create or delete arbitrary files, cause denial of service, or compromise a vulnerable system.

Description

1. Java Management Extensions unauthorized-access Vulnerability (CVE-2008-3103)
This issue is caused by an unspecified error in the Java Management Extensions (JMX) management agent, which could be exploited by a remote attacker to perform certain unauthorized operations, by means of a JMX client, on a system running JMX with local monitoring enabled.

SDK and JRE 1.4.x are not affected.

2. Java Runtime Environment Same Origin Policy bypass Vulnerability (CVE-2008-3104)
This issue is caused by errors in the Sun Java Runtime Environment (JRE), which could allow remote attackers to violate the same origin policy security model for an applet's outbound connections. An attacker can exploit this vulnerability by loading a maliciously crafted applet from a remote system to bypass the same origin policy and establish socket connections to certain services running on the local host.

SDK and JRE 1.3.x_22 and earlier are also affected by this vulnerability.

3. JAX-WS client XML data processing Denial of Service Vulnerability (CVE-2008-3105)
A vulnerability exists in the JAX-WS client and service of the Sun Java Runtime Environment (JRE), which could allow remote attackers to gain unauthorized access to URL resources or to cause a denial of service. An attacker can exploit this vulnerability by forcing the JAX-WS client or service of a trusted application to process malicious XML data.

JDK and JRE 5.0, and SDK and JRE 1.4.x are not affected.

4. Untrusted applet/application XML data processing unauthorized access Vulnerability (CVE-2008-3106)
This vulnerability is due to an error in the Sun Java Runtime Environment (JRE) when processing certain XML data. It could allow remote attackers to gain unauthorized access to certain URL resources by loading a maliciously crafted applet/application from a website and then allowing the applet/application to process the malicious XML data.

SDK and JRE 1.4.x are not affected.

5. Java Virtual Machine privilege escalation Vulnerability (CVE-2008-3107)

A vulnerability in the Sun Java Virtual Machine of the Sun Java Runtime Environment could allow remote attackers to gain privileges by loading a specially crafted remote application or applet on the vulnerable system. The crafted application or applet can elevate its privileges to read and write local files or execute local applications in the context of the user running the untrusted application or applet.

6. Java Runtime Environment Font processing Vulnerability (CVE-2008-3108)

A vulnerability has been identified in the Java Runtime Environment (JRE) in the processing of fonts, which could be exploited to gain access to files on the target system or execute arbitrary applications residing on the target system. A remote attacker can exploit this vulnerability by using a specially crafted applet or application that, when loaded by the target user, will cause a buffer overflow in the processing of fonts in the Java Runtime Environment.

Only JDK and JRE 5.0 Update 9 and earlier, SDK and JRE 1.4.2_17 and earlier, SDK and JRE 1.3.1_22 and earlier are affected by this vulnerability. JDK and JRE 6 are not affected by this vulnerability.

7. Java scripting language support privilege-escalation Vulnerability (CVE-2008-3109)

A vulnerability in the scripting language support of the Sun Java Runtime Environment could allow remote attackers to gain privileges by loading a specially crafted remote application or applet on the vulnerable system. The specially crafted application or applet can grant itself privileges to read and write local files or execute local applications in the context of the user running the untrusted application or applet.

JDK and JRE 5.0, and SDK and JRE 1.4.x are not affected by this vulnerability.

8. Java scripting language support information disclosure Vulnerability (CVE-2008-3110)

An information disclosure vulnerability also exists in the scripting language support of the Sun Java Runtime Environment, which could allow remote attackers to gain privileges by loading a specially crafted remote application or applet on the vulnerable system. The crafted application or applet can grant itself privileges to obtain sensitive information from another applet.

JDK and JRE 5.0, and SDK and JRE 1.4.x are not affected by this vulnerability.

9. Java Web Start Buffer overflow Privilege Escalation Vulnerability (CVE-2008-3111)

Multiple buffer overflow errors exist in Sun Java Web Start in JDK and JRE, which could be exploited by remote attackers to gain privileges by loading a specially crafted Java Web Start application. The crafted application can grant itself privileges to read and write local files or execute local applications in the context of the user running the untrusted application.

JDK and JRE 6 Update 4 and above are not affected.

Workaround

  • Disable Java Web Start applications until the appropriate updates fixing the vulnerability can be installed

10. Java Web Start File Creation Vulnerability (CVE-2008-3112)

A vulnerability in Java Web Start exists, which could allow an attacker to create arbitrary files on the affected system with the permissions of the user running the Java Web Start application. This issue can be exploited by loading a maliciously crafted Java Web Start application from a website.

Workaround

  • Disable Java Web Start applications until the appropriate updates fixing the vulnerability can be installed

11. Java Web Start File Deletion Vulnerability (CVE-2008-3113)

A file deletion vulnerability exists in Java Web Start, which could allow an attacker to create and delete arbitrary files on the affected system with the permissions of the user running the Java Web Start application. This issue can be exploited by loading a maliciously crafted Java Web Start application from a website.

JDK and JRE 6 are not affected.

Workaround

  • Disable Java Web Start applications until the appropriate updates fixing the vulnerability can be installed

12. Java Web Start cache location disclosure Vulnerability (CVE-2008-3114)
A vulnerability exists in Java Web Start, which could allow a remote attacker to obtain sensitive information, i.e. the Java Web Start cache location. This issue can be exploited by loading a maliciously crafted Java Web Start application from a website.

Workaround

  • Disable Java Web Start applications until the appropriate updates fixing the vulnerability can be installed

13. Improper Secure Static Versioning Vulnerability (CVE-2008-3115)
Secure Static Versioning was introduced in JDK and JRE 5.0 Update 6. After the installation of a JRE 5.0 Update 6 or later release, applets are not allowed to run on an older release of the JRE.

An error exists in the implementation of Secure Static Versioning, which could allow applets to run on an older release of JRE. If an older release is subsequently installed over a newer release, the Secure Static Versioning of JDK and JRE does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities present in the older releases.

Solutions

Apply appropriate updates as mentioned by the vendor.
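
The release ranges above can be turned into a triage check over `java -version` output to find hosts that still need the vendor updates. This is an added example, not part of the CERT-In advisory or any Sun tool. The function names, the mapping of "6 Update 6" to the version string `1.6.0_06`, and the rule that CVEs without a per-release note use the "Systems Affected" ceilings are assumptions.

```python
import re

# Highest affected update per release family, from "Systems Affected".
DEFAULT = {"1.6.0": 6, "1.5.0": 15, "1.4.2": 17}

# Per-CVE narrowing from the notes under "Description"; None = family not
# affected. CVEs with no note use DEFAULT (assumption). CVE-2008-3115 is
# omitted: it depends on install order, not on a release ceiling.
OVERRIDES = {
    "CVE-2008-3103": {"1.4.2": None},
    "CVE-2008-3105": {"1.5.0": None, "1.4.2": None},
    "CVE-2008-3106": {"1.4.2": None},
    "CVE-2008-3108": {"1.6.0": None, "1.5.0": 9},
    "CVE-2008-3109": {"1.5.0": None, "1.4.2": None},
    "CVE-2008-3110": {"1.5.0": None, "1.4.2": None},
    "CVE-2008-3111": {"1.6.0": 3},
    "CVE-2008-3113": {"1.6.0": None},
}
CVES = ["CVE-2008-%d" % n for n in range(3103, 3115)]

BANNER = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?')

def parse_banner(text):
    """Return (family, update) from `java -version` output, or None."""
    m = BANNER.search(text)
    return (m.group(1), int(m.group(2) or 0)) if m else None

def applicable_cves(text):
    """CVEs from the advisory that apply to the release in the banner.

    Returns None when the release family is outside the three handled here
    (for example 1.3.x), meaning "not assessed", not "not affected".
    """
    parsed = parse_banner(text)
    if parsed is None:
        raise ValueError("no Java version string found")
    family, update = parsed
    if family not in DEFAULT:
        return None
    hits = []
    for cve in CVES:
        ceiling = OVERRIDES.get(cve, {}).get(family, DEFAULT[family])
        if ceiling is not None and update <= ceiling:
            hits.append(cve)
    return hits

if __name__ == "__main__":
    # Constructed sample banner, not captured from a real host.
    sample = 'java version "1.5.0_09"\nJava(TM) 2 Runtime Environment'
    print(applicable_cves(sample))
```

A `None` result should be routed to manual review, since the advisory also names 1.3.x releases for some of the issues.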

Vendor Information

Sun Microsystems
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238628-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238666-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238687-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238905-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238965-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238966-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238967-1
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-238968-1

References

Secunia
http://secunia.com/advisories/31010

SecurityFocus
http://www.securityfocus.com/bid/30146
http://www.securityfocus.com/bid/30140
http://www.securityfocus.com/bid/30143
http://www.securityfocus.com/bid/30141
http://www.securityfocus.com/bid/30147
http://www.securityfocus.com/bid/30144
http://www.securityfocus.com/bid/30142

SecurityTracker
http://securitytracker.com/alerts/2008/Jul/1020458.html
http://securitytracker.com/alerts/2008/Jul/1020459.html
http://securitytracker.com/alerts/2008/Jul/1020457.html
http://securitytracker.com/alerts/2008/Jul/1020455.html
http://securitytracker.com/alerts/2008/Jul/1020461.html
http://securitytracker.com/alerts/2008/Jul/1020456.html
http://securitytracker.com/alerts/2008/Jul/1020452.html
http://securitytracker.com/alerts/2008/Jul/1020460.html

CVE Name
CVE-2008-3103
CVE-2008-3104
CVE-2008-3105
CVE-2008-3106
CVE-2008-3107
CVE-2008-3108
CVE-2008-3109
CVE-2008-3110
CVE-2008-3111
CVE-2008-3112
CVE-2008-3113
CVE-2008-3115

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003