漏洞信息详情
多个厂商的Java虚拟机字节地址校验漏洞
- CNNVD编号:CNNVD-200203-044
- 危害等级: 高危
- CVE编号: CVE-2002-0076
- 漏洞类型: 设计错误
- 发布时间: 2002-03-19
- 威胁类型: 远程
- 更新时间: 2005-10-12
- 厂 商: sun
- 漏洞来源:
漏洞简介
Java虚拟机的实现存在漏洞,允许Java小程序突破安全机制限制。 这个漏洞是由于数据生成错误引起的。一个在字节地址级别构造的Java小程序可能会产生非法的生成操作,Java小程序的操作因此会跳出安全机制的限制,从而以运行虚拟机用户(可能是浏览器)的权限不受限制的执行系统级别的代码。 <*链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba http://www.microsoft.com/technet/security/bulletin/MS02-013.asp *>
漏洞公告
临时解决方法: 如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 暂时没有好的临时解决方法。 厂商补丁: HP -- HP已经为此发布了一个安全公告(HPSBUX0203-187)以及相应补丁:
HPSBUX0203-187:Sec. Vulnerability in JRE Bytecode Verifier
补丁下载:
HP Java JRE/JDK for HP-UX 1.1.8:
HP Upgrade Java JDK/JRE 1.1.8.06
http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.HTML
Java 1.1.8 for HP-UX到2002-10-9将废弃,建议用户升级到1.3.1版本。
HP Java JRE/JDK for HP-UX 1.2.2:
HP Upgrade Java JDK/JRE 1.2.2.12
http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.HTML
HP Java JRE/JDK for HP-UX 1.3:
HP Upgrade Java JDK/JRE 1.3.1.02
http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.HTML Microsoft --------- Microsoft已经为此发布了一个安全公告(MS02-013)以及相应补丁:
MS02-013:Java CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Applet Can Redirect Browser Traffic
链接: http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
补丁下载:
Microsoft Upgrade msjavx86
http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe Sun --- Sun已经为此发布了一个安全公告(Sun-00218)以及相应补丁:
Sun-00218:Bytecode Verifier
链接: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
补丁下载:
Sun JRE (Solaris Production Release) 1.1.8_14:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JDK (Solaris Production Release) 1.1.8_14:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JRE (Windows Production Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JDK (Windows Production Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JDK (Solaris Reference Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JRE (Solaris Reference Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.HTML
Sun JRE (Solaris Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Solaris Reference Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Solaris Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Windows Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Solaris Reference Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Linux Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Windows Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Linux Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Windows Production Release) 1.3_05:
Sun SDK (Solaris Production Release) 1.3_05:
Sun JRE (Solaris Production Release) 1.3_05:
Sun SDK (Windows Production Release) 1.3_05:
Sun JRE (Linux Production Release) 1.3_05:
Sun SDK (Linux Production Release) 1.3_05:
Sun JRE (Windows Production Release) 1.3.1_01a:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Windows Production Release) 1.3.1_01a:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun JRE (Solaris Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Solaris Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Linux Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun JRE (Linux Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
参考网址
来源: MS 名称: MS02-013 链接:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp 来源: SUN 名称: 00218 链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218 来源: BID 名称: 4313 链接:http://www.securityfocus.com/bid/4313 来源: XF 名称: java-vm-verifier-variant(8480) 链接:http://www.iss.net/security_center/static/8480.php
受影响实体
- Sun Sdk:1.3_05
- Sun Sdk:1.3.1_01a
- Sun Sdk:1.3.1_01
- Sun Sdk:1.2.2_10
- Sun Sdk:1.2.2_010
补丁
暂无
评论