Date: 21 April 2008
References: ESB-2008.0128 ESB-2008.0144
===========================================================================
AA-2008.0095 AUSCERT Advisory
[Win][UNIX/Linux]
Multiple vulnerabilities in BEA JRockit R27.5.0
21 April 2008
---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:              BEA JRockit R27.5.0 and prior
Publisher:            BEA
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Execute Arbitrary Code/Commands
                      Increased Privileges
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-0628
Member content until: Monday, May 19 2008

Ref:                  ESB-2008.0144
                      ESB-2008.0128

Original Bulletin:    http://dev2dev.bea.com/pub/advisory/277

Comment: BEA Systems have released Security Advisory BEA08-201.00 relating to
         multiple vulnerabilities in the Java Runtime Environment used in
         BEA JRockit R27.5.0 and prior.

OVERVIEW:

      BEA Systems have released Security Advisory BEA08-201.00 relating to
      multiple vulnerabilities in the Java Runtime Environment used in
      BEA JRockit R27.5.0 and prior.

IMPACT:

      BEA state the following in their advisory [1]:

      A Vulnerability in the Java Runtime Environment XML Parsing Code May
      Allow URL Resources to be Accessed.

        The Java Runtime Environment (JRE) by default allows
        external entity references to be processed. To turn off
        processing of external entity references, sites can set
        the "external general entities" property to FALSE. This
        property is provided since it may be possible to leverage
        the processing of external entity references to access
        certain URL resources (such as some files and web pages)
        or create a Denial of Service (DoS) condition on the system
        running the JRE. A defect in the JRE allows external entity
        references to be processed even when the "external general
        entities" property is set to FALSE.

        For this vulnerability to be exploited, a trusted
        application needs to process XML data that contains
        malicious content. This vulnerability cannot be exploited
        through an untrusted applet or untrusted Java Web Start
        application.

        Affected Releases:
        # JRockit R27.5.0 JDK and JRE 6 Update 3 and earlier

      Two Vulnerabilities in the Java Runtime Environment May
      Independently Allow an Untrusted Application or Applet to
      Elevate Privileges.

        Two vulnerabilities in the Java Runtime Environment may
        independently allow an untrusted application or applet
        that is downloaded from a website to elevate its
        privileges. For example, the application or applet may
        grant itself permissions to read and write local files or
        execute local applications that are accessible to the user
        running the untrusted application or applet.

        Affected Releases:
        # JRockit R27.4.0 JDK and JRE 6 Update 1 and earlier
        # JRockit R27.4.0 JDK and JRE 5.0 Update 13 and earlier

        Note: These vulnerabilities have already been fixed in JRockit R27.5.0.

      Security Vulnerability in the Java Runtime Environment
      With the Processing of XSLT Transformations.

        A security vulnerability in the Java Runtime Environment
        (JRE) with the processing of XSLT transformations may allow
        an untrusted applet or application that is downloaded from
        a website to elevate its privileges. For example, an
        applet may read certain unauthorized URL resources (such
        as some files and web pages) or potentially execute
        arbitrary code. This vulnerability may also be exploited
        to create a Denial-of-Service (DoS) condition by causing
        the JRE to crash.

        Note: This Vulnerability only affects applets.

        Affected Releases:
        # JRockit R27.5.0 JDK and JRE 6 Update 3 and earlier
        # JRockit R27.5.0 JDK and JRE 5.0 Update 14 and earlier
        # JRockit R27.5.0 SDK and JRE 1.4.2_16 and earlier

      Vulnerabilities in the Java Runtime Environment Image Parsing Library.

        A vulnerability in the Java Runtime Environment image
        parsing library may allow an untrusted application or
        applet that is downloaded from a website to elevate its
        privileges. For example, the application or applet may
        grant itself permissions to read and write local files or
        execute local applications that are accessible to the user
        running the untrusted application or applet.

        Two vulnerabilities in the color management library may
        allow an untrusted applet or application or applet to cause
        the Java Runtime Environment to crash, which is a type of
        Denial of Service (DoS).

        Affected Releases:
        # JRockit R27.5.0 JDK and JRE 6 Update 3 and earlier
        # JRockit R27.5.0 JDK and JRE 5.0 Update 14 and earlier
        # JRockit R27.5.0 SDK and JRE 1.4.2_16 and earlier
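
Added example (not part of the BEA or AusCERT advisory text): a Java check for the XML parsing item above. It sets the standard SAX feature http://xml.org/sax/features/external-general-entities to false and reports whether the runtime still asks for the external entity. The class name, sample document and placeholder URL are constructed for illustration, and the resolver returns empty content so nothing is fetched.

```java
import java.io.StringReader;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;

// Hypothetical class name; written in Java 5 syntax so it compiles on the affected runtimes.
public class ExternalEntityCheck {
    // Standard SAX feature behind the "external general entities" setting.
    static final String EXT_GENERAL =
        "http://xml.org/sax/features/external-general-entities";

    // Constructed sample document; the placeholder URL is never fetched.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE doc [<!ENTITY ext SYSTEM \"http://placeholder.invalid/ext.txt\">]>\n"
        + "<doc>&ext;</doc>";

    // Returns true if the parser asked to resolve the external entity.
    static boolean resolvesExternalEntity(boolean allowExternal) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(EXT_GENERAL, allowExternal);
        DocumentBuilder builder = dbf.newDocumentBuilder();
        final AtomicBoolean asked = new AtomicBoolean(false);
        // Record the attempt and return empty content instead of touching the network.
        builder.setEntityResolver(new EntityResolver() {
            public InputSource resolveEntity(String publicId, String systemId) {
                asked.set(true);
                return new InputSource(new StringReader(""));
            }
        });
        builder.parse(new InputSource(new StringReader(SAMPLE)));
        return asked.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("feature TRUE : entity requested = " + resolvesExternalEntity(true));
        boolean ignored = resolvesExternalEntity(false);
        System.out.println("feature FALSE: entity requested = " + ignored);
        if (ignored) {
            System.out.println("Runtime processes external entities despite FALSE; apply the vendor patch.");
            System.exit(1);
        }
    }
}
```

Run it with the same JRE that the XML-processing application uses; a non-zero exit status means the setting is not being honoured by that runtime.
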

MITIGATION:

      Patches have been made available to fix these vulnerabilities.
      Instructions for remediation and patch locations are provided in
      the BEA security advisory [1].

REFERENCES:

      [1] BEA Security Advisory BEA08-201.00
          http://dev2dev.bea.com/pub/advisory/277

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================