---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: Sun Java JDK / JRE Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37255 VERIFY ADVISORY: http://secunia.com/advisories/37255/ DESCRIPTION: Multiple vulnerabilities have been reported in Sun Java, where some have an unknown impact and others can be exploited by malicious people to manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. 1) An error in the implementation of the "HeadspaceSoundbank" class can be exploited to cause a stack-based buffer overflow via a crafted Soundbank file with an overly long name. 2) An error in the implementation of the "HeadspaceSoundbank" class can be exploited to cause a heap-based buffer overflow via a crafted Soundbank file with an overly long record. 3) An input validation error in the processing of image files can be exploited to cause a heap-based buffer overflow, e.g. if a user visits a web page containing a specially crafted java applet. Successful exploitation of these vulnerabilities allows execution of arbitrary code. 4) Unspecified vulnerabilities exist in the ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Java Plug-in, Pack200, Sound, and HotSpot Server components. 5) An error in the JSSE component while handling TLS session re-negotiations can be exploited to manipulate certain data. For more information: SA37291 5) An unspecified error in the Java Web Start, Java Plug-in component can be exploited to manipulate certain data or cause a DoS. 6) Two unspecified errors in the Java Runtime Environment can be exploited to disclose unspecified information. 7) An unspecified error in the Java Web Start, Java Plug-in component can be exploited to cause a DoS. SOLUTION: Update to a fixed version. JDK and JRE 6 Update 19: http://java.sun.com/javase/downloads/index.jsp JDK 5.0 Update 24 for Solaris (for Solaris Component Use Only): http://sunsolve.sun.com/search/document.do?assetkey=1-61-255468-1 SDK 1.4.2_26 for Solaris (for Solaris Component Use Only): http://sunsolve.sun.com/search/document.do?assetkey=1-61-255468-1 PROVIDED AND/OR DISCOVERED BY: 1, 2) Dyon Balding, Secunia Research. 3) regenrecht, reported via iDefense. The vendor also credits: * Steve Dispensa , PhoneFactor * Stephen Fewer, iDefense * Brian Graversen, Signaturgruppen * Sami Koivu, TippingPoint's Zero Day Initiative * Alexandre Pelletier and Sebastian Renaud of Vupen Security * Marsh Ray, PhoneFactor * Regenrecht, iDefense * Regenrecht, TippingPoint's Zero Day Initiative# * Marc Schoenefeld, Red Hat * Peter Vreugendhil, TippingPoint's Zero Day Initiative ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2009-49/ http://secunia.com/secunia_research/2009-50/ Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=865 OTHER REFERENCES: SA37291: http://secunia.com/advisories/37291/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------