Sun Java JRE Multiple Vulnerabilities (244986 et al)

high Nessus Plugin ID 35030

Synopsis

The remote Windows host contains a runtime environment that is affected by multiple vulnerabilities.

Description

The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :

- The JRE creates temporary files with insufficiently random names. (244986)

- There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.
(244987)

- It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.

- There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)

- The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)

- A buffer overflow may allow an untrusted Java application that is launched through the commandline to escalate its privileges. (244990)

- A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to escalate its privileges. (244991)

- A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to escalate its privileges with unpacking applets and Java Web Start applications. (244992)

- The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)

- An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)

- A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)

- A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)

- Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to escalate privileges. (246366)

- An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.
(246386)

- The JRE allows code loaded from the local filesystem to access localhost. (246387)

Solution

Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove if necessary any affected versions.

See Also

https://download.oracle.com/sunalerts/1019736.1.html

https://download.oracle.com/sunalerts/1019737.1.html

https://download.oracle.com/sunalerts/1019738.1.html

https://download.oracle.com/sunalerts/1019739.1.html

https://download.oracle.com/sunalerts/1019740.1.html

https://download.oracle.com/sunalerts/1019741.1.html

https://download.oracle.com/sunalerts/1019742.1.html

https://download.oracle.com/sunalerts/1019759.1.html

https://download.oracle.com/sunalerts/1019793.1.html

https://download.oracle.com/sunalerts/1019794.1.html

https://download.oracle.com/sunalerts/1019797.1.html

https://download.oracle.com/sunalerts/1019798.1.html

https://download.oracle.com/sunalerts/1019799.1.html

https://download.oracle.com/sunalerts/1019800.1.html

https://www.oracle.com/technetwork/java/javase/6u11-139394.html

https://www.oracle.com/technetwork/java/javase/releasenotes-142123.html

https://www.oracle.com/technetwork/java/javase/releasenotes-138306.html

Plugin Details

Severity: High

ID: 35030

File Name: sun_java_jre_244986.nasl

Version: 1.34

Type: local

Agent: windows

Family: Windows

Published: 12/4/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:jre

Required KB Items: SMB/Java/JRE/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/3/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Sun Java Calendar Deserialization Privilege Escalation)

Elliot (Apache Tomcat File Disclosure)

Reference Information

CVE: CVE-2008-2086, CVE-2008-5339, CVE-2008-5340, CVE-2008-5341, CVE-2008-5342, CVE-2008-5343, CVE-2008-5344, CVE-2008-5345, CVE-2008-5346, CVE-2008-5347, CVE-2008-5348, CVE-2008-5349, CVE-2008-5350, CVE-2008-5351, CVE-2008-5352, CVE-2008-5353, CVE-2008-5354, CVE-2008-5355, CVE-2008-5356, CVE-2008-5357, CVE-2008-5358, CVE-2008-5359, CVE-2008-5360

BID: 30633, 32608, 32620, 32892

CWE: 119, 189, 200, 264, 287, 94