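Vulnerability Details
Sun Java Runtime Environment JPEG Image Parsing Integer Overflow Vulnerability
- CNNVD ID: CNNVD-200908-014
- Severity: Medium
- CVE ID: CVE-2009-2674
- Vulnerability type: Permissions, privileges and access control
- Published: 2009-08-05
- Threat type: Remote
- Updated: 2009-11-10
- Vendor: sun
- Vulnerability source: ZDI http://www.zero...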
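Vulnerability Summary
The Java Runtime Environment (JRE) on Solaris systems provides a reliable runtime environment for Java applications. The JRE code that loads the JPEG splash screen for Web Start applications contains an integer overflow vulnerability. When processing certain parts of the splash screen, javaws.exe miscalculates the size of a memory allocation that is used later; during the subsequent decompression, Java Web Start writes data into the incorrectly allocated buffer, which ultimately triggers a heap overflow and allows arbitrary code execution with the privileges of the current user.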
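The allocation-size miscalculation described above, shown as an added C illustration of the bug class beside a hardened form. This is not code from javaws.exe or from the advisory; the header fields, the 32-bit arithmetic and the 64 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields; the advisory does not name the ones involved. */
struct img_hdr { uint16_t width, height; uint8_t components; };

#define MAX_IMAGE_BYTES ((size_t)64 << 20)   /* assumed policy cap: 64 MiB */

/* Bug class from the description: the product is truncated to 32 bits,
 * so the allocation can end up far smaller than the decoded image. */
static uint32_t size_unchecked(const struct img_hdr *h)
{
    return (uint32_t)h->width * h->height * h->components;
}

/* Hardened form: check every multiplication against the cap before doing it.
 * Returns 0 and stores the size in *out, or -1 if the header is rejected. */
static int size_checked(const struct img_hdr *h, size_t cap, size_t *out)
{
    size_t n = h->width;
    const size_t factors[2] = { h->height, h->components };
    if (n == 0 || n > cap) return -1;
    for (int i = 0; i < 2; i++) {
        if (factors[i] == 0 || n > cap / factors[i]) return -1;
        n *= factors[i];
    }
    *out = n;
    return 0;
}

/* Allocate the pixel buffer only when the size check passes. */
static unsigned char *alloc_pixels(const struct img_hdr *h, size_t *size)
{
    if (size_checked(h, MAX_IMAGE_BYTES, size) != 0) return NULL;
    return malloc(*size);
}

int main(void)
{
    struct img_hdr big = { 40000, 40000, 3 };   /* constructed sample header */
    size_t sz = 0;
    printf("true size 4800000000, unchecked 32-bit size %u\n", (unsigned)size_unchecked(&big));
    printf("checked allocation %s\n", alloc_pixels(&big, &sz) ? "granted" : "rejected");
    return 0;
}
```

A decoder that sizes its buffer with the unchecked form and then writes the full decoded image overruns the heap block; the checked form rejects the header before any allocation takes place.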
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links:
- Sun JDK (Windows Production Release) 1.6.0_02
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK 6.0 Update 6
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK 6.0 Update 2
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Ubuntu Ubuntu Linux 8.10 powerpc
  - Ubuntu icedtea6-plugin_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-dbg_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-demo_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-doc_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-jdk_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-jre-headless_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-jre-lib_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-jre_6b12-0ubuntu6.5_powerpc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_powerpc.deb
  - Ubuntu openjdk-6-source-files_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-source_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.5_all.deb
- Sun JRE 6.0 Update 10
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK (Windows Production Release) 1.6.0_01
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK 6.0 Update 14
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Ubuntu Ubuntu Linux 8.10 sparc
  - Ubuntu icedtea6-plugin_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/icedtea6-plugin_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-dbg_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-dbg_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-demo_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-demo_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-doc_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-doc_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-jdk_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jdk_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-jre-headless_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre-headless_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-jre-lib_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-jre-lib_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-jre_6b12-0ubuntu6.5_sparc.deb: http://ports.ubuntu.com/pool/main/o/openjdk-6/openjdk-6-jre_6b12-0ubuntu6.5_sparc.deb
  - Ubuntu openjdk-6-source-files_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-6/openjdk-6-source-files_6b12-0ubuntu6.5_all.deb
  - Ubuntu openjdk-6-source_6b12-0ubuntu6.5_all.deb: http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6/openjdk-6-source_6b12-0ubuntu6.5_all.deb
- Sun JDK 6.0 Update 13
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JRE 6.0 Update 7
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JRE 6.0 Update 3
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK 6.0 Update 4
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- Sun JDK (Linux Production Release) 1.6.0_02
  - Sun JDK and JRE 6 Update 15: http://java.sun.com/javase/downloads/index.jsp
- S.u.S.E. openSUSE 11.0
  - S.u.S.E. java-1_5_0-sun-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_5_0-sun-alsa-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-alsa-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-alsa-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-alsa-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_5_0-sun-demo-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-demo-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-demo-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-demo-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_5_0-sun-devel-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-devel-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-devel-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-devel-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_5_0-sun-jdbc-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-jdbc-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-jdbc-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_5_0-sun-plugin-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-plugin-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-src-1.5.0_update20-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_5_0-sun-src-1.5.0_update20-0.1.i586.rpm
  - S.u.S.E. java-1_5_0-sun-src-1.5.0_update20-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_5_0-sun-src-1.5.0_update20-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-alsa-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-alsa-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-alsa-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-alsa-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-demo-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-demo-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-demo-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-demo-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-devel-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-devel-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-devel-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-devel-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-jdbc-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-jdbc-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-jdbc-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-plugin-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-plugin-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java-1_6_0-sun-plugin-1.6.0.u15-0.1.x86_64.rpm: http://download.opensuse.org/update/11.0/rpm/x86_64/java-1_6_0-sun-plugin-1.6.0.u15-0.1.x86_64.rpm
  - S.u.S.E. java-1_6_0-sun-src-1.6.0.u15-0.1.i586.rpm: http://download.opensuse.org/update/11.0/rpm/i586/java-1_6_0-sun-src-1.6.0.u15-0.1.i586.rpm
  - S.u.S.E. java
References
- Source: US-CERT; Name: TA09-294A; Link: http://www.us-cert.gov/cas/techalerts/TA09-294A.HTML
- Source: SUNALERT; Name: 263428; Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-263428-1
- Source: sunsolve.sun.com; Link: http://sunsolve.sun.com/search/document.do?assetkey=1-21-125136-16-1
- Source: FEDORA; Name: FEDORA-2009-8337; Link: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.HTML
- Source: FEDORA; Name: FEDORA-2009-8329; Link: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.HTML
- Source: REDHAT; Name: RHSA-2009:1201; Link: https://rhn.redhat.com/errata/RHSA-2009-1201.HTML
- Source: REDHAT; Name: RHSA-2009:1200; Link: https://rhn.redhat.com/errata/RHSA-2009-1200.HTML
- Source: XF; Name: sun-jre-jpeg-bo(52339); Link: http://xforce.iss.net/xforce/xfdb/52339
- Source: MISC; Link: http://www.zerodayinitiative.com/advisories/ZDI-09-050/
- Source: VUPEN; Name: ADV-2009-2543; Link: http://www.vupen.com/english/advisories/2009/2543
- Source: www.oracle.com; Link: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.HTML
- Source: MANDRIVA; Name: MDVSA-2009:209; Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:209
- Source: GENTOO; Name: GLSA-200911-02; Link: http://security.gentoo.org/glsa/glsa-200911-02.xml
- Source: SECUNIA; Name: 37300; Link: http://secunia.com/advisories/37300
- Source: SECUNIA; Name: 36248; Link: http://secunia.com/advisories/36248
- Source: SECUNIA; Name: 36180; Link: http://secunia.com/advisories/36180
- Source: SECUNIA; Name: 36176; Link: http://secunia.com/advisories/36176
- Source: SECUNIA; Name: 36162; Link: http://secunia.com/advisories/36162
- Source: HP; Name: SSRT090250; Link: http://marc.info/?l=bugtraq&m=125787273209737&w=2
- Source: SUSE; Name: SUSE-SA:2009:053; Link: http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.HTML
- Source: SUSE; Name: SUSE-SR:2009:016; Link: http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.HTML
- Source: SUSE; Name: SUSE-SA:2009:043; Link: http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00003.HTML
- Source: Apple; Name: Apple-SA-2009-09-03-1; Link: http://lists.Apple.com/archives/security-announce/2009/Sep/msg00000.HTML
Affected Entities
- Sun Jre:6:Update_9
- Sun Jre:6:Update_7
- Sun Jre:6:Update_8
- Sun Jre:6:Update_10
- Sun Jre:6:Update_3
Patches
None available