Multiple vulnerabilities have been identified in Sun Java, which could be exploited by remote attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
The first issue is caused by an unspecified error in the Java Management Extensions (JMX) management agent, which may allow a JMX client running on a remote host to perform unauthorized operations on a system running JMX with local monitoring enabled.
The second weakness is caused by an unspecified error in the Java Runtime Environment, which may allow an untrusted applet that is loaded from a remote system to circumvent network access restrictions and establish socket connections to certain services running on the local host.
The third vulnerability is caused by errors related to the processing of XML data, which could allow unauthorized access to certain URL resources.
The fourth issue is caused by an error in the Java Runtime Environment Virtual Machine, which may allow an untrusted application or applet that is downloaded from a website to elevate its privileges.
The fifth vulnerability is caused by a buffer overflow error within the processing of fonts in the Java Runtime Environment (JRE), which may allow an untrusted applet or application to elevate its privileges.
The sixth issue is caused by errors in the Java Runtime Environment relating to scripting language support, which may allow an untrusted applet or application to elevate its privileges or to access information from another applet.
The seventh vulnerability is caused by buffer overflow errors in Java Web Start, which may allow an untrusted Java Web Start application to elevate its privileges.
The eighth issue is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create arbitrary files with the permissions of the user running the untrusted Java Web Start application.
The ninth vulnerability is caused by an error in Java Web Start, which may allow an untrusted application downloaded from a website to create or delete arbitrary files with the permissions of the user running the untrusted Java Web Start application.
The tenth issue is caused by an error in Java Web Start, which may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache.
The eleventh vulnerability is caused by an error in the JDK/JRE Secure Static Versioning feature, which could cause applets to run on an older JRE/JDK release installed on the system.
Credits
Vulnerabilities reported by Gregory Fleischer, Fujitsu, John Heasman (NGSSoftware), Peter Csepely and Zero Day Initiative.
ChangeLog
2008-07-10 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
