Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title BEA JRockit: Multiple vulnerabilities
Informations
Name GLSA-200709-15 First vendor Publication 2007-09-23
Vendor Gentoo Last vendor Modification 2007-09-23
Severity (Vendor) Normal Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

BEA JRockit contains several vulnerabilities, some of which may allow the execution of arbitrary code.

Background

BEA JRockit provides tools, utilities, and a complete runtime environment for developing and running applications using the Java programming language.

Description

An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities.

Impact

A remote attacker could trigger the integer overflow to execute arbitrary code or crash the JVM through a specially crafted file. Also, an attacker could perform unauthorized actions via an applet that grants certain privileges to itself because of the font parsing vulnerability. The error when processing XSLT stylesheets can be exploited to execute arbitrary code. Other vulnerabilities could lead to establishing restricted network connections to certain services, Cross Site Scripting and Denial of Service attacks.

Workaround

There is no known workaround at this time for all these vulnerabilities.

Resolution

All BEA JRockit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/jrockit-jdk-bin-1.5.0.11_p1"

References

[ 1 ] CVE-2007-2788 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788
[ 2 ] CVE-2007-2789 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789
[ 3 ] CVE-2007-3004 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3004
[ 4 ] CVE-2007-3005 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3005
[ 5 ] CVE-2007-3503 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3503
[ 6 ] CVE-2007-3698 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698
[ 7 ] CVE-2007-3716 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716
[ 8 ] CVE-2007-3922 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3922
[ 9 ] CVE-2007-4381 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4381

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200709-15.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200709-15.xml

CWE : Common Weakness Enumeration

% Id Name
20 % CWE-399 Resource Management Errors
20 % CWE-189 Numeric Errors (CWE/SANS Top 25)
20 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
20 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10290
 
Oval ID: oval:org.mitre.oval:def:10290
Title: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4381
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10387
 
Oval ID: oval:org.mitre.oval:def:10387
Title: Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
Description: Unspecified vulnerability in the Java Runtime Environment (JRE) Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to certain localhost services running on the machine that loaded the applet.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3922
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10634
 
Oval ID: oval:org.mitre.oval:def:10634
Title: The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
Description: The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3698
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10704
 
Oval ID: oval:org.mitre.oval:def:10704
Title: The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Description: The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2007-3503
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10800
 
Oval ID: oval:org.mitre.oval:def:10800
Title: The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
Description: The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2789
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11700
 
Oval ID: oval:org.mitre.oval:def:11700
Title: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
Description: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_20 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file that triggers a buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2007-2788
 Version: 3
Platform(s): Red Hat Enterprise Linux Extras 3
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux Extras 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21711
 
Oval ID: oval:org.mitre.oval:def:21711
Title: ELSA-2007:0817: java-1.4.2-ibm security update (Critical)
Description: The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
Family: unix Class: patch
Reference(s): ELSA-2007:0817-01
CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
 Version: 17
Platform(s): Oracle Linux 5
 Product(s): java-1.4.2-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21855
 
Oval ID: oval:org.mitre.oval:def:21855
Title: ELSA-2007:0829: java-1.5.0-ibm security update (Critical)
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: patch
Reference(s): ELSA-2007:0829-01
CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
CVE-2007-3503
CVE-2007-3655
CVE-2007-3922
CVE-2007-4381
 Version: 33
Platform(s): Oracle Linux 5
 Product(s): java-1.5.0-ibm
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22641
 
Oval ID: oval:org.mitre.oval:def:22641
Title: ELSA-2007:0956: java-1.5.0-bea security update (Moderate)
Description: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
Family: unix Class: patch
Reference(s): ELSA-2007:0956-01
CVE-2007-0243
CVE-2007-2788
CVE-2007-2789
CVE-2007-3503
CVE-2007-3698
CVE-2007-4381
 Version: 29
Platform(s): Oracle Linux 5
 Product(s): java-1.5.0-bea
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 359
Application 395
Application 90

OpenVAS Exploits

Date Description
2009-10-13 Name : SLES10: Security update for IBM Java 1.5.0
File : nvt/sles10_java-1_5_0-ibm4.nasl
2009-10-13 Name : SLES10: Security update for IBM Java 1.4.2
File : nvt/sles10_java-1_4_2-ibm3.nasl
2009-10-10 Name : SLES9: Security update for IBM Java 2 JRE and SDK
File : nvt/sles9p5023603.nasl
2009-10-10 Name : SLES9: Security update for IBM Java 5 and JRE
File : nvt/sles9p5023460.nasl
2009-10-10 Name : SLES9: Security update for IBMJava5-JRE,IBMJava5-SDK
File : nvt/sles9p5021818.nasl
2009-10-10 Name : SLES9: Security update for IBM Java2 JRE and SDK
File : nvt/sles9p5015890.nasl
2009-10-10 Name : SLES9: Security update for Java 2
File : nvt/sles9p5015291.nasl
2009-06-05 Name : Ubuntu USN-723-1 (git-core)
File : nvt/ubuntu_723_1.nasl
2009-03-06 Name : RedHat Update for IBMJava2 RHSA-2008:0133-01
File : nvt/gb_RHSA-2008_0133-01_IBMJava2.nasl
2009-01-28 Name : SuSE Update for IBM Java SUSE-SA:2007:056
File : nvt/gb_suse_2007_056.nasl
2009-01-28 Name : SuSE Update for IBM Java, Sun Java SUSE-SA:2007:045
File : nvt/gb_suse_2007_045.nasl
2009-01-23 Name : SuSE Update for IBMJava2,IBMJava5,java-1_4_2-ibm,java-1_5_0-ibm SUSE-SA:2008...
File : nvt/gb_suse_2008_025.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-28 (jrockit-jdk-bin)
File : nvt/glsa_200804_28.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200806-11 (ibm-jdk-bin ibm-jre-bin)
File : nvt/glsa_200806_11.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200804-20 (sun-jdk, sun-jre-bin, emul-linux-x86...
File : nvt/glsa_200804_20.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200709-15 (jrockit-jdk-bin)
File : nvt/glsa_200709_15.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200706-08 (emul-linux-x86-java)
File : nvt/glsa_200706_08.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-23 (sun-jdk,sun-jre-bin)
File : nvt/glsa_200705_23.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-243-01 java (jre, jdk)
File : nvt/esoft_slk_ssa_2007_243_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
37766 Sun Java JDK / JRE TrueType Font Parsing Memory Overwrite
36664 Sun Java JDK / JRE XML Digital Signature XSLT Stylesheet Handling Arbitrary C...
36663 Sun JDK / JDE Crafted SSL/TLS Handshake Request Remote DoS
36662 Sun JDK / JDE Applet Class Loader Outbound Connection Bypass
36488 Sun Java JDK JavaDoc HTML Documentation Page XSS
36202 Sun Java JDK / JRE Unspecified Remote DoS
36201 Sun Java Runtime Environment Image Parsing Overflow
36200 Sun Java JDK BMP Parsing Remote Privilege Escalation
36199 Sun Java JDK Embedded ICC Profile Image Parser Overflow

Snort® IPS/IDS

Date Description
2014-01-10 Oracle JDK image parsing library ICC buffer overflow attempt
RuleID : 17727 - Revision : 14 - Type : FILE-OTHER
2014-01-10 Sun JDK image parsing library ICC buffer overflow attempt
RuleID : 15328 - Revision : 6 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date Description
2013-02-22 Name : The remote Unix host has an application that is affected by a privilege escal...
File : sun_java_jre_103024_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host has an application that may allow arbitrary command inje...
File : sun_java_jre_102993_unix.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host has an application that is affected by several vulnerabi...
File : sun_java_jre_102934_unix.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1086.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0818.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080114_jdk__java__on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071128_jdk__java__on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12142.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0132.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0100.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0817.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0829.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0956.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2008-0002.nasl - Type : ACT_GATHER_INFO
2009-06-15 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38148.nasl - Type : ACT_GATHER_INFO
2009-06-15 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38147.nasl - Type : ACT_GATHER_INFO
2008-11-25 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_38761.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0133.nasl - Type : ACT_GATHER_INFO
2008-04-25 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-5182.nasl - Type : ACT_GATHER_INFO
2008-04-25 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-5183.nasl - Type : ACT_GATHER_INFO
2008-04-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200804-20.nasl - Type : ACT_GATHER_INFO
2007-12-17 Name : The remote host is affected by multiple vulnerabilities.
File : macosx_java_rel6.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-4687.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-4544.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-ibm-4542.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_4_2-sun-3844.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_37182.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_37183.nasl - Type : ACT_GATHER_INFO
2007-11-20 Name : The remote HP-UX host is missing a security-related patch.
File : hpux_PHSS_37197.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_5_0-sun-3832.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_java-1_4_2-sun-3843.nasl - Type : ACT_GATHER_INFO
2007-09-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200709-15.nasl - Type : ACT_GATHER_INFO
2007-09-03 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-243-01.nasl - Type : ACT_GATHER_INFO
2007-08-17 Name : The remote Windows host has an application that is affected by a privilege es...
File : sun_java_jre_103024.nasl - Type : ACT_GATHER_INFO
2007-07-16 Name : The remote Windows host has an application that may allow arbitrary command i...
File : sun_java_jre_102993.nasl - Type : ACT_GATHER_INFO
2007-06-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200706-08.nasl - Type : ACT_GATHER_INFO
2007-06-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-23.nasl - Type : ACT_GATHER_INFO
2007-06-02 Name : The remote Windows host has an application that is affected by several vulner...
File : sun_java_jre_102934.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:35:07
  • Multiple Updates