Sun Java Web Start JNLP File Processing Buffer Overflow

Secunia Advisory:       SA25981
Release Date:   2007-07-10
Last Update:    2007-07-11

Critical: Highly critical
Impact: System access
Where:  From remote
Solution Status: Vendor Patch

Software: Java Web Start 1.x
Sun Java JDK 1.5.x
Sun Java JDK 1.6.x
Sun Java JRE 1.5.x / 5.x
Sun Java JRE 1.6.x / 6.x

CVE reference:  CVE-2007-3655

Description:
A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the Java Web Start component (javaws.exe) when processing JNLP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted JNLP file with an overly long codebase attribute.

Successful exploitation allows execution of arbitrary code, e.g. when a user visits a malicious website.

The vulnerability is reported in the following versions:
* JRE and JDK 6 Update 1 and earlier
* JRE and JDK 5 Update 11 and earlier

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Apply updates.

JRE/JDK 5 Update 12:
http://java.sun.com/javase/downloads/index_jdk5.jsp

JRE/JDK 6 Update 2:
http://java.sun.com/javase/downloads/index.jsp
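
An added example, not part of the Secunia advisory: a small Python triage script that classifies the first line of `java -version` output against the affected and fixed releases listed above. The host names and version lines in the sample inventory are constructed, and the script assumes the usual Sun version-string form `1.<family>.0_<update>`.

```python
import re

# Fixed releases named in the advisory: JRE/JDK 5 Update 12 and 6 Update 2.
FIXED_UPDATE = {5: 12, 6: 2}

# Sun version strings look like 1.<family>.0_<update>, e.g. 1.6.0_01.
# A missing "_<update>" suffix means the initial release (update 0).
_VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """'affected', 'fixed', or 'not-covered' (family not listed in the advisory)."""
    parsed = parse_java_version(text)
    if parsed is None or parsed[0] not in FIXED_UPDATE:
        return "not-covered"
    family, update = parsed
    return "affected" if update < FIXED_UPDATE[family] else "fixed"


def audit(inventory):
    """Map host -> classification for a {host: version-line} inventory."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory (hypothetical hosts and version lines).
SAMPLE = {
    "ws-01": 'java version "1.6.0_01"',
    "ws-02": 'java version "1.6.0_02"',
    "ws-03": 'java version "1.5.0_11"',
    "ws-04": 'java version "1.5.0_12"',
    "ws-05": 'java version "1.6.0"',
    "ws-06": 'java version "1.4.2_15"',
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "not-covered" run a Java family the advisory does not list, so the result says nothing about them either way.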

Provided and/or discovered by:
Daniel Soeder, eEye Digital Security

The vendor also credits Brett Moore.

Changelog:
2007-07-11: Added CVE reference. Updated "Title", "Description" and "Solution". Added JDK as affected product.

Original Advisory:
Sun:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

eEye:
http://research.eeye.com/html/advisories/published/AD20070705.html

http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064552.html