Sun Java Runtime Environment JPEG Image Parsing Integer Overflow Vulnerability

admin, 2022-07-23 15:00:23, CNNVD Vulnerabilities, Source: ZONE.CI

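Vulnerability Details

Sun Java Runtime Environment JPEG Image Parsing Integer Overflow Vulnerability

  • CNNVD ID: CNNVD-200908-014
  • Severity: Medium
  • CVE ID: CVE-2009-2674
  • Vulnerability type: Permissions and access control
  • Published: 2009-08-05
  • Threat type: Remote
  • Updated: 2009-11-10
  • Vendor: sun
  • Vulnerability source: ZDI http://www.zero...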

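Vulnerability Summary

The Java Runtime Environment (JRE) on Solaris provides a reliable runtime environment for Java applications. The JRE code that loads the JPEG splash screen for Web Start applications contains an integer overflow vulnerability. While processing certain parts of the splash screen, javaws.exe miscalculates the size of a memory allocation that is used later. During the subsequent decompression, Java Web Start writes data into the incorrectly allocated buffer, which ultimately triggers a heap overflow and allows arbitrary code execution with the privileges of the current user.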
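The bug class described above, as an added C example that is not Sun's code: a decode-buffer size computed in 32-bit arithmetic from attacker-controlled header fields, beside a checked version. The page does not say which splash-screen fields javaws.exe miscalculates; using the SOF0 frame dimensions, the function names, and the 64 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Frame fields from a baseline JPEG SOF0 (0xFFC0) segment. */
struct frame { uint16_t height, width; uint8_t ncomp; };

/* Constructed sample: first 10 bytes of a SOF0 segment declaring
 * 32768 x 32768 pixels with 4 components. */
static const uint8_t SAMPLE_SOF0[] = {
    0xFF, 0xC0, 0x00, 0x14, 0x08, 0x80, 0x00, 0x80, 0x00, 0x04
};

/* Layout: marker(2) length(2) precision(1) height(2) width(2) ncomp(1). */
int parse_sof0(const uint8_t *p, size_t n, struct frame *f) {
    if (n < 10 || p[0] != 0xFF || p[1] != 0xC0) return -1;
    f->height = (uint16_t)((p[5] << 8) | p[6]);
    f->width  = (uint16_t)((p[7] << 8) | p[8]);
    f->ncomp  = p[9];
    return 0;
}

/* Weak pattern: the 32-bit product wraps silently, so the allocation
 * can be far smaller than what the decoder will later write. */
uint32_t size_unchecked(const struct frame *f) {
    return (uint32_t)f->width * f->height * f->ncomp;
}

/* Hardened: 64-bit product, reject empty frames and anything over cap
 * (cap is a hypothetical policy limit chosen by the caller). */
int size_checked(const struct frame *f, size_t cap, size_t *out) {
    uint64_t need = (uint64_t)f->width * f->height * f->ncomp;
    if (need == 0 || need > cap) return -1;
    *out = (size_t)need;
    return 0;
}

int main(void) {
    struct frame f;
    size_t sz = 0;
    if (parse_sof0(SAMPLE_SOF0, sizeof SAMPLE_SOF0, &f) != 0) return 1;
    printf("declared: %ux%u, %u components\n",
           (unsigned)f.width, (unsigned)f.height, (unsigned)f.ncomp);
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(&f));
    printf("checked: %s\n",
           size_checked(&f, 64u * 1024 * 1024, &sz) == 0 ? "accepted" : "rejected");
    return 0;
}
```

For the constructed header the unchecked product is exactly 2^32 and wraps to 0, while the checked path rejects the frame before any allocation happens.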

Vulnerability Advisory

The vendor has released an upgrade patch that fixes this security issue. Patch download link: Sun JDK and JRE 6 Update 15, http://java.sun.com/javase/downloads/index.jsp

References

  • Source: US-CERT; Name: TA09-294A; Link: http://www.us-cert.gov/cas/techalerts/TA09-294A.HTML
  • Source: SUNALERT; Name: 263428; Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
  • Source: sunsolve.sun.com; Link: http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
  • Source: FEDORA; Name: FEDORA-2009-8337; Link: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.HTML
  • Source: FEDORA; Name: FEDORA-2009-8329; Link: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.HTML
  • Source: REDHAT; Name: RHSA-2009:1201; Link: https://rhn.redhat.com/errata/RHSA-2009-1201.HTML
  • Source: REDHAT; Name: RHSA-2009:1200; Link: https://rhn.redhat.com/errata/RHSA-2009-1200.HTML
  • Source: XF; Name: sun-jre-jpeg-bo(52339); Link: http://xforce.iss.net/xforce/xfdb/52339
  • Source: MISC; Link: http://www.zerodayinitiative.com/advisories/ZDI-09-050/
  • Source: VUPEN; Name: ADV-2009-2543; Link: http://www.vupen.com/english/advisories/2009/2543
  • Source: www.oracle.com; Link: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.HTML
  • Source: MANDRIVA; Name: MDVSA-2009:209; Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
  • Source: GENTOO; Name: GLSA-200911-02; Link: http://security.gentoo.org/glsa/glsa-200911-02.xml
  • Source: SECUNIA; Name: 37300; Link: http://secunia.com/advisories/37300
  • Source: SECUNIA; Name: 36248; Link: http://secunia.com/advisories/36248
  • Source: SECUNIA; Name: 36180; Link: http://secunia.com/advisories/36180
  • Source: SECUNIA; Name: 36176; Link: http://secunia.com/advisories/36176
  • Source: SECUNIA; Name: 36162; Link: http://secunia.com/advisories/36162
  • Source: HP; Name: SSRT090250; Link: http://marc.info/?l=bugtraq&m=125787273209737&w=2
  • Source: SUSE; Name: SUSE-SA:2009:053; Link: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.HTML
  • Source: SUSE; Name: SUSE-SR:2009:016; Link: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.HTML
  • Source: SUSE; Name: SUSE-SA:2009:043; Link: http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.HTML
  • Source: Apple; Name: Apple-SA-2009-09-03-1; Link: http://lists.Apple.com/archives/security-announce/2009/Sep/msg00000.HTML

Affected Entities

  • Sun Jre:6:Update_9  
  • Sun Jre:6:Update_7  
  • Sun Jre:6:Update_8  
  • Sun Jre:6:Update_10  
  • Sun Jre:6:Update_3  

Patches

    None available
