Vulnerability Bulletins |
Aumento de privilegios en Java Runtime Environment |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software | Java 2 Platform Standard Edition |
Description |
|
|
Se ha encontrado una vulnerabilidad del tipo desbordamiento de búfer en Java Runtime Environment en el código para parsear imágenes. La vulnerabilidad reside en un error no especificado. Un atacante remoto podría conseguir aumentar sus privilegios y provocar la terminación de la Java Virtual Machine mediante un applet malicioso. |
|
Solution |
|
|
Actualización de software Sun (102934) Java SE 6 / Update 1 http://java.sun.com/javase/downloads/index.jsp Java SE 6 / Solaris / Update 1 patch 125136-01 Java SE 6 / Solaris (64bit) / Update 1 patch 125137-01 Java SE 6_x86 / Solaris / Update 1 patch 125138-01 Java SE 6_x86 / Solaris (64bit) / Update 1 patch 125139-01 J2SE 5.0 http://java.sun.com/j2se/1.5.0/download.jsp J2SE 5.0 / Solaris / Update 11 patch 118666-11 J2SE 5.0 / Solaris (64bit) / Update 11 patch 118667-11 J2SE 5.0_x86 / Solaris / Update 11 patch 118668-11 J2SE 5.0_x86 / Solaris (64bit) / Update 11 patch 118669-11 J2SE 1.3.1_20 http://java.sun.com/j2se/1.3/download.html JRE 1.4.2_15 http://java.sun.com/j2se/1.4.2/download.html Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Apple Java Release 6 / Mac OS X 10.4 http://www.apple.com/support/downloads/javaformacosx104release6.html Red Hat (RHSA-2008:0100-4) RHEL Desktop Supplementary (v. 5 cliente) RHEL Supplementary (v. 5 servidor) Red Hat Enterprise Linux Extras (v. 3) Red Hat Enterprise Linux Extras (v. 4) https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2007-2788 CVE-2007-2789 |
| BID | |
Other resources |
|
|
Sun Alert Notification (102934) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102934-1 SUSE Security Advisory (SUSE-SA:2007:045) http://www.novell.com/linux/security/advisories/2007_45_java.html SUSE Security Advisory (SUSE-SA:2007:056) http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html Apple Security Update (307177) http://docs.info.apple.com/article.html?artnum=307177 Red Hat Security Advisory (RHSA-2008:0100-4) http://rhn.redhat.com/errata/RHSA-2008-0100.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-06-01 |
| 1.1 | Aviso actualizado por Sun (102934) | 2007-07-03 |
| 1.2 | CVE añadido | 2007-07-12 |
| 1.3 | Aviso emitido por Suse (SUSE-SA:2007:045) | 2007-07-20 |
| 1.4 | Aviso emitido por Suse (SUSE-SA:2007:056) | 2007-10-23 |
| 1.5 | Aviso emitido por Apple (307177) | 2007-12-17 |
| 1.6 | Aviso emitido por Red Hat (RHSA-2008:0100-4) | 2008-03-12 |