Sun Java JRE Multiple Vulnerabilities (244986 et al) (Unix)
Critical Nessus Plugin ID 64828
Synopsis
The remote Unix host contains a runtime environment that is affected by multiple vulnerabilities.
Description
The version of Sun Java Runtime Environment (JRE) installed on the remote host is earlier than 6 Update 11 / 5.0 Update 17 / 1.4.2_19 / 1.3.1_24. Such versions are potentially affected by the following security issues :
- The JRE creates temporary files with insufficiently random names. (244986)
- There are multiple buffer overflow vulnerabilities involving the JRE's image processing code, its handling of GIF images, and its font processing.
(244987)
- It may be possible for an attacker to bypass security checks due to the manner in which it handles the 'non-shortest form' of UTF-8 byte sequences.
- There are multiple security vulnerabilities in Java Web Start and Java Plug-in that may allow for privilege escalation. (244988)
- The JRE Java Update mechanism does not check the digital signature of the JRE that it downloads. (244989)
- A buffer overflow may allow an untrusted Java application that is launched through the command line to elevate its privileges. (244990)
- A vulnerability related to deserializing calendar objects may allow an untrusted applet or application to elevate its privileges. (244991)
- A buffer overflow affects the 'unpack200' JAR unpacking utility and may allow an untrusted applet or application to elevate its privileges with unpacking applets and Java Web Start applications. (244992)
- The UTF-8 decoder accepts encodings longer than the 'shortest' form. Although not a vulnerability per se, it may be leveraged to exploit software that relies on the JRE UTF-8 decoder to reject the 'non-shortest form' sequence. (245246)
- An untrusted applet or application may be able to list the contents of the home directory of the user running the applet or application. (246266)
- A denial of service vulnerability may be triggered when the JRE handles certain RSA public keys. (246286)
- A vulnerability may be triggered while authenticating users through Kerberos and lead to a system-wide denial of service due to excessive consumption of operating system resources. (246346)
- Security vulnerabilities in the JAX-WS and JAXB packages where internal classes can be accessed may allow an untrusted applet or application to elevate privileges.
(246366)
- An untrusted applet or application when parsing zip files may be able to read arbitrary memory locations in the process that the applet or application is running.
(246386)
- The JRE allows code loaded from the local filesystem to access localhost. (246387)
Solution
Update to Sun Java JDK / JRE 6 Update 11, JDK / JRE 5.0 Update 17, SDK / JRE 1.4.2_19, or SDK / JRE 1.3.1_24 or later and remove, if necessary, any affected versions.