Date: 28 July 2009
References: AL-2009.0040 ESB-2009.0474 ESB-2009.0519 ESB-2009.0585 ESB-2010.0282
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2009.1095
Security Vulnerability in the Simple Authentication and Security Layer
(SASL) Library Bundled with the Java Enterprise System (JES) may Allow
Unprivileged Users to Crash Applications Using the sasl_encode64 Function
28 July 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: SASL bundled with Java Enterprise System
Publisher: Sun Microsystems
Operating System: Solaris 8
Solaris 9
Solaris 10
Red Hat Enterprise Linux AS/ES/WS 3
Red Hat Enterprise Linux AS/ES/WS 4
Red Hat Enterprise Linux Server 5
HP-UX
Windows
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch
CVE Names: CVE-2009-0688
Reference: AL-2009.0040
ESB-2009.0585
ESB-2009.0519
ESB-2009.0474
Original Bulletin:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1
- --------------------------BEGIN INCLUDED TEXT--------------------
Solution Type Sun Alert
Solution 264248 : Security Vulnerability in the Simple Authentication and
Security Layer (SASL) Library Bundled with the Java Enterprise System (JES)
may Allow Unprivileged Users to Crash Applications Using the sasl_encode64
Function
Bug ID
6843063
Product
Java Enterprise System
Date of Resolved Release
24-Jul-2009
SA Document Body
Security Vulnerability in the Java Enterprise System Simple Authentication and
Security Layer (SASL) library sasl_encode64 routine:
1. Impact
A buffer overflow security vulnerability in the Simple Authentication and
Security Layer (SASL) library bundled with the Java Enterprise System (JES)
may allow local or remote unprivileged users to crash applications which use
the sasl_encode64 SASL library function.
None of the Sun Java Enterprise System (JES) products which use SASL are
impacted by this issue however third-party applications that have a dynamic
dependency on the SASL library bundled with JES may be affected.
This vulnerability is also described in the following documents:
CERT VU#238019 at:
* http://www.kb.cert.org/vuls/id/238019
CVE-2009-0688 at:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688
Sun Alert 259148 at:
* http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* Solaris 8 (with package SUNWsasl installed) without patch 115328-08
* Solaris 9 (with package SUNWsasl installed) without patch 115342-08
* Solaris 10 (with package SUNWsasl installed) without patch 119345-07
x86 Platform
* Solaris 9 (with package SUNWsasl installed) without patch 115343-08
* Solaris 10 (with package SUNWsasl installed) without patch 119346-07
Linux Platform:
* RHEL 3.0 (with package sun-sasl installed) without patch 141938-01
* RHEL 4.0 (with package sun-sasl installed) without patch 141939-01
* RHEL 5.0 (with package sun-sasl installed) without patch 141939-01
HP-UX Platform:
* HP-UX 11.11 and above (with package sun-sasl installed) without patch
141940-01
To determine which patch level for sun-sasl is installed, the following
command may be used:
$ /usr/sbin/swlist 141940\*
Windows Platform:
* Windows 2000, XP, 2003 and above with Java Enterprise System 2005Q4
installed and without patch 141941-01
Note 1: Solaris 8 on the x86 platform does not bundle the Java Enterprise
System Simple Authentication and Security Layer (SASL), and therefore is not
vulnerable to this issue.
Note 2: This issue only occurs on systems that have the SUNWsasl package
installed. To determine if the package SUNWsasl is installed on a system, one
of the following commands can be used:
Solaris Platform:
$ /usr/bin/pkginfo -l SUNWsasl
Linux Platform:
$ /bin/rpm -q sun-sasl
Note: Linux "sun-sasl" packages 2.19-5 and earlier are vulnerable to this
issue.
HP-UX Platform:
$ /usr/sbin/swlist sun-sasl
Windows Platform:
Java Enterprise System Simple Authentication and Security Layer (SASL) can be
installed on the Windows Platform only via an installation of the Sun Java
Enterprise System 5 or higher.
To determine if Sun Java Enterprise System is installed, go to "Add or Remove
Programs" from the "Control Panel" and check if "Sun Java(TM) Enterprise System
5" is listed as being currently installed.
To determine the list of JES patches installed on the system, the following
command can be used:
<JES installation directory>\utils\patch\ListJavaESPatches.exe
3. Symptoms
If the described issue occurs, the application that links to the Java Enterprise
System Simple Authentication and Security Layer (SASL) library may crash,
potentially leaving a core file depending on the system configuration.
4. Workaround
There is no workaround for this issue. Please see the Resolution section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Solaris 8 with patch 115328-08 or later
* Solaris 9 with patch 115342-08 or later
* Solaris 10 with patch 119345-07 or later
x86 Platform
* Solaris 9 with patch 115343-08 or later
* Solaris 10 with patch 119346-07 or later
Linux Platform:
* RHEL 3.0 with patch 141938-01 or later
* RHEL 4.0 with patch 141939-01 or later
* RHEL 5.0 with patch 141939-01 or later
HP-UX Platform:
* HP-UX 11.11 and above with patch 141940-01 or later
Windows Platform:
* Windows 2000, XP, 2003 and above with patch 141941-01 or later
For more information on Security Sun Alerts, see Technical Instruction ID
213557.
This Sun Alert notification is being provided to you on an "AS IS" basis. This
Sun Alert notification may contain information provided by third parties. The
issues described in this Sun Alert notification may or may not impact your
system(s). Sun makes no representations, warranties, or guarantees as to the
information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING
THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert
notification contains Sun proprietary and confidential information. It is being
provided to you pursuant to the provisions of your agreement to purchase
services from Sun, or, if you do not have such an agreement, the Sun.com Terms
of Use. This Sun Alert notification may only be used for the purposes
contemplated by these agreements.
Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
CA 95054 U.S.A. All rights reserved.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKbkPeNVH5XJJInbgRAohNAJkBQF0Yqb7t1xjlSml90XzSagIEoQCcDnlB
mHjVjxxcdVrptxnqo2T8vmA=
=riI0
-----END PGP SIGNATURE-----
|