Sun Java Runtime Environment font parsing privilege escalation
| sun-java-font-privilege-escalation (36061) |  High Risk |
Description:
Sun Java Runtime Environment (JRE) could allow a remote attacker to gain elevated privileges on the system, caused by the improper parsing of fonts in Java applets. By persuading a victim to load a specially-crafted applet, a remote attacker could exploit this vulnerability to read and write local files or to execute local applications on the vulnerable system.
Platforms Affected:
- BEA, JRockit R27.3.1
- Gentoo, Linux
- Novell, Linux POS 9
- Novell, Open Enterprise Server
- Novell, SLE SDK 10 SP1
- Novell, SUSE Linux Enterprise Desktop 10 SP1
- Novell, SUSE Linux Enterprise Server 10 SP1
- Novell, SUSE Linux Enterprise Server 10
- RedHat, RHEL Desktop Supplementary 5 Client
- RedHat, RHEL Extras 3
- RedHat, RHEL Extras 4
- RedHat, RHEL Supplementary 5 Server
- Sun, JDK 1.5.0 Update9
- Sun, JDK 1.5.0 Update8
- Sun, JDK 1.5.0 Update7 B03
- Sun, JDK 1.5.0 Update7
- Sun, JDK 1.5.0 Update6
- Sun, JDK 1.5.0 Update5
- Sun, JDK 1.5.0 Update4
- Sun, JDK 1.5.0 Update3
- Sun, JDK 1.5.0 Update2
- Sun, JDK 1.5.0 Update1
- Sun, JDK 1.5.0
- Sun, JRE 1.4.2
- Sun, JRE 1.4.2 Update6
- Sun, JRE 1.4.2 Update1
- Sun, JRE 1.4.2 Update10
- Sun, JRE 1.4.2 Update11
- Sun, JRE 1.4.2 Update12
- Sun, JRE 1.4.2 Update13
- Sun, JRE 1.4.2 Update14
- Sun, JRE 1.4.2 Update2
- Sun, JRE 1.4.2 Update3
- Sun, JRE 1.4.2 Update4
- Sun, JRE 1.4.2 Update5
- Sun, JRE 1.4.2 Update7
- Sun, JRE 1.4.2 Update8
- Sun, JRE 1.4.2 Update9
- Sun, JRE 1.5.0
- Sun, JRE 1.5.0 Update7
- Sun, JRE 1.5.0 Update8
- Sun, JRE 1.5.0 Update9
- Sun, JRE 1.5.0 Update3
- Sun, JRE 1.5.0 Update1
- Sun, JRE 1.5.0 Update2
- Sun, JRE 1.5.0 Update6
- Sun, JRE 1.5.0 Update5
- Sun, JRE 1.5.0 Update4
- Sun, SDK 1.4.0
- Sun, SDK 1.4.0_01
- Sun, SDK 1.4.1
- Sun, SDK 1.4.2
- Sun, SDK 1.4.2_01
- Sun, SDK 1.4.2_02
- Sun, SDK 1.4.2_03
- Sun, SDK 1.4.2_04
- Sun, SDK 1.4.2_05
- Sun, SDK 1.4.2_06
- Sun, SDK 1.4.2_07
- Sun, SDK 1.4.2_08
- Sun, SDK 1.4.2_09
- Sun, SDK 1.4.2_10
- Sun, SDK 1.4.2_11
- Sun, SDK 1.4.2_12
- Sun, SDK 1.4.2_13
- Sun, SDK 1.4.2_14
- SuSE, SLE SDK 10
- SuSE, SuSE SLES 9
Remedy:
Refer to Sun Alert ID: 103024 for patch, upgrade, or suggested workaround information. See References.
For BEA Jrockit:
Refer to BEA07-177.00 for patch, upgrade, or suggested workaround information. See References.
For Gentoo Linux (BEA JRockit):
Refer to GLSA 200709-15 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Apply the appropriate update for your system. See References.
Consequences:
Gain Privileges
References:
- Apple Web site, About the security content of Java Release 6 for Mac OS X 10.4 at http://docs.info.apple.com/article.html?artnum=307177.
- BEA07-177.00, Multiple Security Vulnerabilities in the Java Runtime Environment at https://support.bea.com/application_content/product_portlets/securityadvisories/248.html.
- BugTraq Mailing List, Mon Oct 29 2007 - 16:21:03 CDT, Memory overwrites in JVM via malformed TrueType font at http://archives.neohapsis.com/archives/bugtraq/2007-10/0422.html.
- Sun Alert ID: 103024, Vulnerability in the Java Runtime Environment Font Parsing Code may Allow an Untrusted Applet to Elevate Privileges at http://sunsolve.sun.com/search/document.do?assetkey=1-26-103024-1.
- ASA-2007-365: Vulnerability in the Java Runtime Environment Font Parsing Code may Allow an Untrusted Applet to Elevate Privileges (Sun 103024)
- ASA-2007-465: java-1.5.0-bea security update (RHSA-2007-0956)
- ASA-2008-116: java-1.4.2-bea security update (RHSA-2008-0100)
- BID-25340: Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability
- CVE-2007-4381: Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
- GLSA-200709-15: BEA JRockit: Multiple vulnerabilities
- RHSA-2007-0829: Critical: java-1.5.0-ibm security update
- RHSA-2007-0956: Moderate: java-1.5.0-bea security update
- RHSA-2007-1086: Moderate: java-1.4.2-bea security update
- RHSA-2008-0100: Moderate: java-1.4.2-bea security update
- RHSA-2008-0132: Critical: java-1.4.2-ibm security update
- SA26402: Sun JRE Font Parsing Vulnerability
- SA26631: BEA JRockit Multiple Vulnerabilities
- SA28115: Mac OS X Java Multiple Vulnerabilities
- SECTRACK ID: 1018576: Java Runtime Environment Font Parsing Bug Lets Remote Applets Gain Elevated Privileges
- SUSE-SA:2008:025: IBM Java security update
- VUPEN/ADV-2007-2910: Sun Java Runtime Environment Font Parsing Remote Command Execution
- VUPEN/ADV-2007-3009: BEA JRockit Multiple Remote Code Execution and Security Bypass Issues
- VUPEN/ADV-2007-4224: Apple Security Update Fixes Multiple Java for Mac OS X Vulnerabilities
Reported:
Aug 15, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net