ID CVE-2007-2789
Summary The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
References
Vulnerable Configurations
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • cpe:2.3:o:unix:unix
    cpe:2.3:o:unix:unix
  • Sun JDK 1.3.1_19
    cpe:2.3:a:sun:jdk:1.3.1:update19
  • Sun JDK 1.4.2_14
    cpe:2.3:a:sun:jdk:1.4.2:update14
  • Sun JDK 5.0 Update10
    cpe:2.3:a:sun:jdk:1.5.0:update10
  • Sun JDK 1.5.0_11 b03
    cpe:2.3:a:sun:jdk:1.5.0:update11_b03
  • Sun JDK 1.6.0_01-b06
    cpe:2.3:a:sun:jdk:1.6.0:update1_b06
  • Sun JRE 1.3.1_19
    cpe:2.3:a:sun:jre:1.3.1:update19
  • Sun JRE 1.3.1_03
    cpe:2.3:a:sun:jre:1.3.1_03
  • Sun JRE 1.3.1_04
    cpe:2.3:a:sun:jre:1.3.1_04
  • Sun JRE 1.3.1_05
    cpe:2.3:a:sun:jre:1.3.1_05
  • Sun JRE 1.3.1_06
    cpe:2.3:a:sun:jre:1.3.1_06
  • Sun JRE 1.3.1_07
    cpe:2.3:a:sun:jre:1.3.1_07
  • Sun JRE 1.3.1_08
    cpe:2.3:a:sun:jre:1.3.1_08
  • Sun JRE 1.3.1_09
    cpe:2.3:a:sun:jre:1.3.1_09
  • Sun JRE 1.3.1_10
    cpe:2.3:a:sun:jre:1.3.1_10
  • Sun JRE 1.3.1_11
    cpe:2.3:a:sun:jre:1.3.1_11
  • Sun JRE 1.3.1_12
    cpe:2.3:a:sun:jre:1.3.1_12
  • Sun JRE 1.3.1_13
    cpe:2.3:a:sun:jre:1.3.1_13
  • Sun JRE 1.3.1_14
    cpe:2.3:a:sun:jre:1.3.1_14
  • Sun JRE 1.3.1_15
    cpe:2.3:a:sun:jre:1.3.1_15
  • Sun JRE 1.3.1_16
    cpe:2.3:a:sun:jre:1.3.1_16
  • Sun JRE 1.3.1_17
    cpe:2.3:a:sun:jre:1.3.1_17
  • Sun JRE 1.3.1_18
    cpe:2.3:a:sun:jre:1.3.1_18
  • Sun JRE 1.3.1_19
    cpe:2.3:a:sun:jre:1.3.1_19
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2:update14
  • Sun JRE 1.4.2_1
    cpe:2.3:a:sun:jre:1.4.2_1
  • Sun JRE 1.4.2_2
    cpe:2.3:a:sun:jre:1.4.2_2
  • Sun JRE 1.4.2_3
    cpe:2.3:a:sun:jre:1.4.2_3
  • Sun JRE 1.4.2_4
    cpe:2.3:a:sun:jre:1.4.2_4
  • Sun JRE 1.4.2_5
    cpe:2.3:a:sun:jre:1.4.2_5
  • Sun JRE 1.4.2_6
    cpe:2.3:a:sun:jre:1.4.2_6
  • Sun JRE 1.4.2_7
    cpe:2.3:a:sun:jre:1.4.2_7
  • Sun JRE 1.4.2_8
    cpe:2.3:a:sun:jre:1.4.2_8
  • Sun JRE 1.4.2_9
    cpe:2.3:a:sun:jre:1.4.2_9
  • Sun JRE 1.4.2_10
    cpe:2.3:a:sun:jre:1.4.2_10
  • Sun JRE 1.4.2_11
    cpe:2.3:a:sun:jre:1.4.2_11
  • Sun JRE 1.4.2_12
    cpe:2.3:a:sun:jre:1.4.2_12
  • Sun JRE 1.4.2_13
    cpe:2.3:a:sun:jre:1.4.2_13
  • Sun JRE 1.4.2_14
    cpe:2.3:a:sun:jre:1.4.2_14
  • Sun JRE 1.4.2_25
    cpe:2.3:a:sun:jre:1.4.2_25
  • Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
    cpe:2.3:a:sun:jre:1.5.0:update10
  • cpe:2.3:a:sun:jre:1.5.0_11-b03
    cpe:2.3:a:sun:jre:1.5.0_11-b03
  • cpe:2.3:a:sun:jre:1.6.0_01-b06
    cpe:2.3:a:sun:jre:1.6.0_01-b06
  • cpe:2.3:a:sun:jre:5.0:update_1
    cpe:2.3:a:sun:jre:5.0:update_1
  • cpe:2.3:a:sun:jre:5.0:update_10
    cpe:2.3:a:sun:jre:5.0:update_10
  • cpe:2.3:a:sun:jre:5.0:update_2
    cpe:2.3:a:sun:jre:5.0:update_2
  • cpe:2.3:a:sun:jre:5.0:update_3
    cpe:2.3:a:sun:jre:5.0:update_3
  • cpe:2.3:a:sun:jre:5.0:update_4
    cpe:2.3:a:sun:jre:5.0:update_4
  • cpe:2.3:a:sun:jre:5.0:update_5
    cpe:2.3:a:sun:jre:5.0:update_5
  • cpe:2.3:a:sun:jre:5.0:update_6
    cpe:2.3:a:sun:jre:5.0:update_6
  • cpe:2.3:a:sun:jre:5.0:update_7
    cpe:2.3:a:sun:jre:5.0:update_7
  • cpe:2.3:a:sun:jre:5.0:update_8
    cpe:2.3:a:sun:jre:5.0:update_8
  • cpe:2.3:a:sun:jre:5.0:update_9
    cpe:2.3:a:sun:jre:5.0:update_9
  • cpe:2.3:a:sun:jre:6
    cpe:2.3:a:sun:jre:6
CVSS
Base: 4.3 (as of 22-05-2007 - 16:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0133.NASL
    description IBMJava2-JRE and IBMJava2-SDK packages that correct several security issues are available for Red Hat Enterprise Linux 2.1. IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A buffer overflow was found in the Java Runtime Environment image-handling code. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-3004) An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005) A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922) These updated packages also add the following enhancements : * Time zone information has been updated to the latest available information, 2007h. * Accessibility support in AWT can now be disabled through a system property, java.assistive. To support this change, permission to read this property must be added to /opt/IBMJava2-131/jre/lib/security/java.policy. Users of IBMJava2 who have modified this file should add this following line to the grant section : permission java.util.PropertyPermission 'java.assistive', 'read'; All users of IBMJava2 should upgrade to these updated packages, which contain IBM's 1.3.1 SR11 Java release, which resolves these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 33247
    published 2008-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33247
    title RHEL 2.1 : IBMJava2 (RHSA-2008:0133)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0956.NASL
    description Updated java-1.5.0-bea packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.5.0_11 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.5.0_11 and are certified for the Java 5 Platform, Standard Edition, v1.5.0. A flaw was found in the BEA Java Runtime Environment GIF image handling. If an application processes untrusted GIF image input, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-0243) A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.5.0_11 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the 'appletviewer' application. (CVE-2007-3005) A cross site scripting (XSS) flaw was found in the Javadoc tool. An attacker could inject arbitrary content into a Javadoc generated HTML documentation page, possibly tricking a user or stealing sensitive information. (CVE-2007-3503) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381) All users of java-bea-1.5.0 should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.5.0_11 release that resolves these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 40708
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40708
    title RHEL 4 / 5 : java-1.5.0-bea (RHSA-2007:0956)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0100.NASL
    description Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_16 JRE and SDK contains BEA WebLogic JRockit Virtual Machine 1.4.2_16 and is certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker could induce a server application to process a specially crafted image file, the attacker could potentially cause a denial-of-service or execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processed font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. The same flaw could, potentially, crash a server application which processed untrusted font information from a third party. (CVE-2007-4381) A flaw in the applet caching mechanism of the Java Runtime Environment (JRE) did not correctly process the creation of network connections. A remote attacker could use this flaw to create connections to services on machines other than the one that the applet was downloaded from. (CVE-2007-5232) Untrusted Java Applets were able to drag and drop files to a desktop application. A user-assisted remote attacker could use this flaw to move or copy arbitrary files. (CVE-2007-5239) The Java Runtime Environment (JRE) allowed untrusted Java Applets or applications to display over-sized windows. This could be used by remote attackers to hide security warning banners. (CVE-2007-5240) Unsigned Java Applets communicating via a HTTP proxy could allow a remote attacker to violate the Java security model. A cached, malicious Applet could create network connections to services on other machines. (CVE-2007-5273) Please note: the vulnerabilities noted above concerned with applets can only be triggered in java-1.4.2-bea by calling the 'appletviewer' application. All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_16 release which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 40712
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40712
    title RHEL 3 / 4 / 5 : java-1.4.2-bea (RHSA-2008:0100)
  • NASL family Windows
    NASL id SUN_JAVA_JRE_102934.NASL
    description According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 25370
    published 2007-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25370
    title Sun Java JRE Image Parsing Vulnerabilities (102934)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200804-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200804-20 (Sun JDK/JRE: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Sun Java: Daniel Soeder discovered that a long codebase attribute string in a JNLP file will overflow a stack variable when launched by Java WebStart (CVE-2007-3655). Multiple vulnerabilities (CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) that were previously reported as GLSA 200705-23 and GLSA 200706-08 also affect 1.4 and 1.6 SLOTs, which was not mentioned in the initial revision of said GLSAs. The Zero Day Initiative, TippingPoint and John Heasman reported multiple buffer overflows and unspecified vulnerabilities in Java Web Start (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191). Hisashi Kojima of Fujitsu and JPCERT/CC reported a security issue when performing XSLT transformations (CVE-2008-1187). CERT/CC reported a Stack-based buffer overflow in Java Web Start when using JNLP files (CVE-2008-1196). Azul Systems reported an unspecified vulnerability that allows applets to escalate their privileges (CVE-2007-5689). Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and David Byrne discovered multiple instances where Java applets or JavaScript programs run within browsers do not pin DNS hostnames to a single IP address, allowing for DNS rebinding attacks (CVE-2007-5232, CVE-2007-5273, CVE-2007-5274). Peter Csepely reported that Java Web Start does not properly enforce access restrictions for untrusted applications (CVE-2007-5237, CVE-2007-5238). Java Web Start does not properly enforce access restrictions for untrusted Java applications and applets, when handling drag-and-drop operations (CVE-2007-5239). Giorgio Maone discovered that warnings for untrusted code can be hidden under applications' windows (CVE-2007-5240). Fujitsu reported two security issues where security restrictions of web applets and applications were not properly enforced (CVE-2008-1185, CVE-2008-1186). John Heasman of NGSSoftware discovered that the Java Plug-in does not properly enforce the same origin policy (CVE-2008-1192). Chris Evans of the Google Security Team discovered multiple unspecified vulnerabilities within the Java Runtime Environment Image Parsing Library (CVE-2008-1193, CVE-2008-1194). Gregory Fleischer reported that web content fetched via the 'jar:' protocol was not subject to network access restrictions (CVE-2008-1195). Chris Evans and Johannes Henkel of the Google Security Team reported that the XML parsing code retrieves external entities even when that feature is disabled (CVE-2008-0628). Multiple unspecified vulnerabilities might allow for escalation of privileges (CVE-2008-0657). Impact : A remote attacker could entice a user to run a specially crafted applet on a website or start an application in Java Web Start to execute arbitrary code outside of the Java sandbox and of the Java security restrictions with the privileges of the user running Java. The attacker could also obtain sensitive information, create, modify, rename and read local files, execute local applications, establish connections in the local network, bypass the same origin policy, and cause a Denial of Service via multiple vectors. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 32013
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32013
    title GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0829.NASL
    description Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A security vulnerability in the Java Web Start component was discovered. An untrusted application could elevate it's privileges, allowing it to read and write local files that are accessible to the user running the Java Web Start application. (CVE-2007-2435) A buffer overflow in the Java Runtime Environment image handling code was found. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005) The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503) The Java Web Start URL parsing component contains a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655) A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922) All users of java-ibm-1.5.0 should upgrade to these updated packages, which contain IBM's 1.5.0 SR5a Java release that resolves these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 40706
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40706
    title RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2007:0829)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-IBM-4542.NASL
    description The IBM Java JRE/SDK has been brought to release 1.4.2 SR9, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-2788 / CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005) A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. - A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. (CVE-2007-3655) - A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2007-3922) For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29470
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29470
    title SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 4542)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-SUN-3832.NASL
    description The Sun JAVA JDK 1.5.0 was upgraded to release 12 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 27280
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27280
    title openSUSE 10 Security Update : java-1_5_0-sun (java-1_5_0-sun-3832)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-SUN-3844.NASL
    description The Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : - Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. (CVE-2007-2788 / CVE-2007-3004) - The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. (CVE-2007-2789 / CVE-2007-3005) - Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. (CVE-2007-0243)
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 29472
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29472
    title SuSE 10 Security Update : Java (ZYPP Patch Number 3844)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200705-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200705-23 (Sun JDK/JRE: Multiple vulnerabilities) An unspecified vulnerability involving an 'incorrect use of system classes' was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files. Impact : A remote attacker could entice a user to run a specially crafted Java class or applet that will trigger one of the vulnerabilities. This could lead to the execution of arbitrary code outside of the Java sandbox and of the Java security restrictions, or crash the Java application or the browser. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25382
    published 2007-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25382
    title GLSA-200705-23 : Sun JDK/JRE: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1086.NASL
    description Updated java-1.4.2-bea packages that correct several security issues and add enhancements are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The BEA WebLogic JRockit 1.4.2_15 JRE and SDK contain BEA WebLogic JRockit Virtual Machine 1.4.2_15 and are certified for the Java 2 Platform, Standard Edition, v1.4.2. A buffer overflow in the Java Runtime Environment image handling code was found. If an attacker is able to cause a server application to process a specially crafted image file, it may be possible to execute arbitrary code as the user running the Java Virtual Machine. (CVE-2007-2788, CVE-2007-2789, CVE-2007-3004) A denial of service flaw was discovered in the Java Applet Viewer. An untrusted Java applet could cause the Java Virtual Machine to become unresponsive. Please note that the BEA WebLogic JRockit 1.4.2_15 does not ship with a browser plug-in and therefore this issue could only be triggered by a user running the 'appletviewer' application. (CVE-2007-3005) A denial of service flaw was found in the way the JSSE component processed SSL/TLS handshake requests. A remote attacker able to connect to a JSSE enabled service could send a specially crafted handshake which would cause the Java Runtime Environment to stop responding to future requests. (CVE-2007-3698) A flaw was found in the way the Java Runtime Environment processes font data. An applet viewed via the 'appletviewer' application could elevate its privileges, allowing the applet to perform actions with the same permissions as the user running the 'appletviewer' application. It may also be possible to crash a server application which processes untrusted font information from a third party. (CVE-2007-4381) All users of java-1.4.2-bea should upgrade to these updated packages, which contain the BEA WebLogic JRockit 1.4.2_15 release that resolves these issues.
    last seen 2019-02-21
    modified 2017-01-10
    plugin id 63846
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63846
    title RHEL 4 : java-1.4.2-bea (RHSA-2007:1086)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_5_0-IBM-4544.NASL
    description The IBM Java JRE/SDK has been brought to release 1.5.0 SR5a, containing several bugfixes, including the following security fixes : - A buffer overflow vulnerability in the image parsing code in the Java(TM) Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet. (CVE-2007-2788 / CVE-2007-2789 / CVE-2007-3004 / CVE-2007-3005) A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang. - A buffer overflow vulnerability in the Java Web Start URL parsing code may allow an untrusted application to elevate its privileges. For example, an application may grant itself permissions to read and write local files or execute local applications with the privileges of the user running the Java Web Start application. (CVE-2007-3655) - A security vulnerability in the Java Runtime Environment Applet Class Loader may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host, as if it were loaded from the system that the applet is running on. This may allow the untrusted remote applet the ability to exploit any security vulnerabilities existing in the services it has connected to. (CVE-2007-3922) For more information see: http://www-128.ibm.com/developerworks/java/jdk/alerts/
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29475
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29475
    title SuSE 10 Security Update : IBM Java 1.5.0 (ZYPP Patch Number 4544)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200709-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200709-15 (BEA JRockit: Multiple vulnerabilities) An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities. Impact : A remote attacker could trigger the integer overflow to execute arbitrary code or crash the JVM through a specially crafted file. Also, an attacker could perform unauthorized actions via an applet that grants certain privileges to itself because of the font parsing vulnerability. The error when processing XSLT stylesheets can be exploited to execute arbitrary code. Other vulnerabilities could lead to establishing restricted network connections to certain services, Cross Site Scripting and Denial of Service attacks. Workaround : There is no known workaround at this time for all these vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 26117
    published 2007-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26117
    title GLSA-200709-15 : BEA JRockit: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0261.NASL
    description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. During an internal security review, a cross-site scripting flaw was found that affected the Red Hat Network channel search feature. (CVE-2007-5961) This release also corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Two arbitrary code execution flaws were fixed in the OpenMotif package. (CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 5.0 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43835
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43835
    title RHEL 4 : Satellite Server (RHSA-2008:0261)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0524.NASL
    description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server components. This update has been rated as having low security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server 4.2. In a typical operating environment, these components are not exposed to users of Satellite Server in a vulnerable manner. These security updates will reduce risk in unique Satellite Server environments. Multiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting, denial-of-service, or information disclosure attacks. (CVE-2004-0885, CVE-2006-5752, CVE-2006-7197, CVE-2007-1860, CVE-2007-3304, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388) A denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349) A denial-of-service flaw was fixed in the jabberd server. (CVE-2006-1329) Multiple cross-site scripting flaws were fixed in the image map feature in the JFreeChart package. (CVE-2007-6306) Multiple flaws were fixed in the IBM Java 1.4.2 Runtime. (CVE-2007-0243, CVE-2007-2435, CVE-2007-2788, CVE-2007-2789) Multiple flaws were fixed in the OpenMotif package. (CVE-2004-0687, CVE-2004-0688, CVE-2004-0914, CVE-2005-3964, CVE-2005-0605) A flaw which could result in weak encryption was fixed in the perl-Crypt-CBC package. (CVE-2006-0898) Multiple flaws were fixed in the Tomcat package. (CVE-2008-0128, CVE-2007-5461, CVE-2007-3385, CVE-2007-3382, CVE-2007-1358, CVE-2007-1355, CVE-2007-2450, CVE-2007-2449, CVE-2007-0450, CVE-2006-7196, CVE-2006-7195, CVE-2006-3835, CVE-2006-0254, CVE-2005-2090, CVE-2005-4838, CVE-2005-3510) Users of Red Hat Network Satellite Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 43837
    published 2010-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43837
    title RHEL 3 / 4 : Satellite Server (RHSA-2008:0524)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200706-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-200706-08 (emul-linux-x86-java: Multiple vulnerabilities) Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an 'incorrect use of system classes' was reported by the Fujitsu security team. Impact : A remote attacker could entice a user to open a specially crafted image, possibly resulting in the execution of arbitrary code with the privileges of the user running Emul-linux-x86-java. They also could entice a user to open a specially crafted BMP image, resulting in a Denial of Service. Note that these vulnerabilities may also be triggered by a tool processing image files automatically. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 25593
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25593
    title GLSA-200706-08 : emul-linux-x86-java: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_JAVA-1_4_2-SUN-3843.NASL
    description The Sun JAVA JDK 1.4.2 was upgraded to release 15 to fix various bugs, including the following security bugs : CVE-2007-2788 / CVE-2007-3004: Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit (JDK), allows remote attackers to execute arbitrary code or cause a denial of service (JVM crash) via a crafted JPEG or BMP file. CVE-2007-2789 / CVE-2007-3005: The BMP image parser in Sun Java Development Kit (JDK), on Unix/Linux systems, allows remote attackers to trigger the opening of arbitrary local files via a crafted BMP file, which causes a denial of service (system hang) in certain cases such as /dev/tty, and has other unspecified impact. CVE-2007-0243: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 27276
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27276
    title openSUSE 10 Security Update : java-1_4_2-sun (java-1_4_2-sun-3843)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_JAVA_REL6.NASL
    description The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's KeyChain. To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 29702
    published 2007-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29702
    title Mac OS X : Java for Mac OS X 10.4 Release 6
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0817.NASL
    description Updated java-1.4.2-ibm packages to correct a set of security issues are now available for Red Hat Enterprise Linux 3 and 4 Extras and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.4.2 SR9 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. A security vulnerability in the Java Web Start component was discovered. An untrusted application could elevate it's privileges and read and write local files that are accessible to the user running the Java Web Start application. (CVE-2007-2435) A buffer overflow in the image code JRE was found. An untrusted applet or application could use this flaw to elevate its privileges and potentially execute arbitrary code as the user running the java virtual machine. (CVE-2007-3004) An unspecified vulnerability was discovered in the Java Runtime Environment. An untrusted applet or application could cause the java virtual machine to become unresponsive. (CVE-2007-3005) All users of java-1.4.2-ibm should upgrade to these updated packages, which contain IBM's 1.4.2 SR9 Java release that resolves these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 40705
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40705
    title RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2007:0817)
  • NASL family Misc.
    NASL id SUN_JAVA_JRE_102934_UNIX.NASL
    description According to its version number, the Sun Java Runtime Environment (JRE) installed on the remote host reportedly is affected by a buffer overflow in its image processing code as well as another issue that may cause the Java Virtual Machine to hang.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 64821
    published 2013-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64821
    title Sun Java JRE Image Parsing Vulnerabilities (102934) (Unix)
oval via4
accepted 2010-09-06T04:05:58.816-04:00
class vulnerability
contributors
name Aharon Chernin
organization SCAP.com, LLC
description The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
family unix
id oval:org.mitre.oval:def:10800
status accepted
submitted 2010-07-09T03:56:16-04:00
title The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 and earlier, when running on Unix/Linux systems, allows remote attackers to cause a denial of service (JVM hang) via untrusted applets or applications that open arbitrary local files via a crafted BMP file, such as /dev/tty.
version 7
redhat via4
advisories
  • rhsa
    id RHSA-2007:0817
  • rhsa
    id RHSA-2007:0829
  • rhsa
    id RHSA-2007:0956
  • rhsa
    id RHSA-2007:1086
  • rhsa
    id RHSA-2008:0100
  • rhsa
    id RHSA-2008:0133
  • rhsa
    id RHSA-2008:0261
refmap via4
apple APPLE-SA-2007-12-14
bea BEA07-177.00
bid 24004
confirm
gentoo
  • GLSA-200705-23
  • GLSA-200706-08
  • GLSA-200709-15
  • GLSA-200804-20
  • GLSA-200804-28
  • GLSA-200806-11
misc
sectrack 1018182
secunia
  • 25295
  • 25474
  • 25832
  • 26049
  • 26119
  • 26311
  • 26369
  • 26631
  • 26645
  • 26933
  • 27203
  • 27266
  • 28056
  • 28115
  • 29340
  • 29858
  • 30780
  • 30805
sunalert
  • 102934
  • 200856
suse
  • SUSE-SA:2007:045
  • SUSE-SA:2007:056
vim
  • 20070703 Sun JDK Confusion
  • 20070704 [theall at tenablesecurity.com: Sun JDK Confusion] (fwd)
  • 20070711 Sun JDK Confusion
  • 20071218 Sun JDK Confusion Revisited
vupen
  • ADV-2007-1836
  • ADV-2007-3009
  • ADV-2007-4224
xf
  • sun-java-virtual-machine-dos(34654)
  • sunjava-bmp-dos(34320)
Last major update 07-03-2011 - 00:00
Published 21-05-2007 - 20:30
Last modified 10-10-2017 - 21:32
Back to Top