漏洞信息详情
SUN JRE SDK JDK 缓冲区错误漏洞
- CNNVD编号:CNNVD-200807-164
- 危害等级: 中危
- CVE编号: CVE-2008-3108
- 漏洞类型: 缓冲区错误
- 发布时间: 2008-07-09
- 威胁类型: 远程
- 更新时间: 2019-08-08
- 厂 商: sun
- 漏洞来源: John Heasman※ nisr...
漏洞简介
Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。
SUN JDK和JRE 5.0 Update 10之前版本中JRE;SDK和 JRE 1.4.2_18之前的1.4.x版本;SDK 和 JRE 1.3.1_23之前的1.3.x版本中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
参考网址
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2008-1043.HTML
来源:GENTOO
链接:http://security.gentoo.org/glsa/glsa-200911-02.xml
来源:CERT
链接:http://www.us-cert.gov/cas/techalerts/TA08-193A.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/32180
来源:SUNALERT
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1
来源:CONFIRM
链接:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=751014
来源:SECUNIA
链接:http://secunia.com/advisories/32179
来源:SECUNIA
链接:http://secunia.com/advisories/31320
来源:SECUNIA
链接:http://secunia.com/advisories/32018
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2008/2056/references
来源:SECUNIA
链接:http://secunia.com/advisories/31600
来源:VUPEN
链接:http://www.vupen.com/english/advisories/2008/2740
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.HTML
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/43656
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/37386
来源:BID
链接:https://www.securityfocus.com/bid/30147
来源:SECTRACK
链接:http://www.securitytracker.com/id?1020461
来源:CONFIRM
链接:https://www.vmware.com/security/advisories/VMSA-2008-0016.HTML
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2008-1044.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/31010
来源:SECUNIA
链接:http://secunia.com/advisories/31497
来源:CONFIRM
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3179
来源:CONFIRM
链接:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=756717
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=122331139823057&w=2
来源:SECUNIA
链接:http://secunia.com/advisories/33236
来源:CONFIRM
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-300.htm
来源:SECUNIA
链接:http://secunia.com/advisories/33237
来源:CONFIRM
链接:http://www.vmware.com/security/advisories/VMSA-2008-0016.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/31736
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.HTML
来源:CONFIRM
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm
来源:CONFIRM
链接:http://support.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/kb/HT3178
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2008-0790.HTML
来源:BUGTRAQ
链接:http://www.securityfocus.com/archive/1/497041/100/0/threaded
来源:CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce//2008/Sep/msg00008.HTML
受影响实体
- Sun Jre:5.0:Update_9
- Sun Sdk:1.4.2_17
- Sun Sdk:1.4.2_09
- Sun Sdk:1.4.2_08
- Sun Sdk:1.4.2_07
补丁
暂无
评论