Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Unix host contains a runtime environment that is affected by
multiple vulnerabilities.

Description :

The version of Sun Java Runtime Environment (JRE) installed on the
remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 /
1.3.1_24. Such versions are potentially affected by the following
security issues :

- The JRE creates temporary files with insufficiently
random names. (244986)

- There are multiple buffer overflow vulnerabilities
involving the JRE's image processing code, its
handling of GIF images, and its font processing.
(244987)

- It may be possible for an attacker to bypass security
checks due to the manner in which the JRE handles the
'non-shortest form' of UTF-8 byte sequences.

- There are multiple security vulnerabilities in Java
Web Start and Java Plug-in that may allow for privilege
escalation. (244988)

- The JRE Java Update mechanism does not check the digital
signature of the JRE that it downloads. (244989)

- A buffer overflow may allow an untrusted Java
application that is launched through the command line to
elevate its privileges. (244990)

- A vulnerability related to deserializing calendar
objects may allow an untrusted applet or application to
elevate its privileges. (244991)

- A buffer overflow affects the 'unpack200' JAR unpacking
utility and may allow an untrusted applet or application
to elevate its privileges when unpacking applets and
Java Web Start applications. (244992)

- The UTF-8 decoder accepts encodings longer than the
'shortest' form. Although not a vulnerability per se,
it may be leveraged to exploit software that relies on
the JRE UTF-8 decoder to reject the 'non-shortest form'
sequence. (245246)

- An untrusted applet or application may be able to list
the contents of the home directory of the user running
the applet or application. (246266)

- A denial of service vulnerability may be triggered when
the JRE handles certain RSA public keys. (246286)

- A vulnerability may be triggered while authenticating
users through Kerberos and lead to a system-wide denial
of service due to excessive consumption of operating
system resources. (246346)

- Security vulnerabilities in the JAX-WS and JAXB packages
where internal classes can be accessed may allow an
untrusted applet or application to elevate privileges.
(246366)

- When parsing zip files, an untrusted applet or application
may be able to read arbitrary memory locations in the
process in which the applet or application is running.
(246386)

- The JRE allows code loaded from the local filesystem to
access localhost. (246387)

See also :

http://download.oracle.com/sunalerts/1019736.1.html
http://download.oracle.com/sunalerts/1019737.1.html
http://download.oracle.com/sunalerts/1019738.1.html
http://download.oracle.com/sunalerts/1019739.1.html
http://download.oracle.com/sunalerts/1019740.1.html
http://download.oracle.com/sunalerts/1019741.1.html
http://download.oracle.com/sunalerts/1019742.1.html
http://download.oracle.com/sunalerts/1019759.1.html
http://download.oracle.com/sunalerts/1019793.1.html
http://download.oracle.com/sunalerts/1019794.1.html
http://download.oracle.com/sunalerts/1019797.1.html
http://download.oracle.com/sunalerts/1019798.1.html
http://download.oracle.com/sunalerts/1019799.1.html
http://download.oracle.com/sunalerts/1019800.1.html
http://www.oracle.com/technetwork/java/javase/6u11-139394.html
http://www.oracle.com/technetwork/java/index.html

Solution :

Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK
/ JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary,
any affected versions.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true