Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-06-06 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Sun JRE Vulnerabilities

Published: 2007-06-06
Last Updated: 2007-06-06 18:38:35 UTC
by Chris Carboni (Version: 1)
0 comment(s)
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Both vulnerabilities can be exploited in the following versions

  • JDK and JRE 6
  • JDK and JRE 5.0 Update 10 and earlier
  • SDK and JRE 1.4.2_14 and earlier
  • SDK and JRE 1.3.1_20 and earlier

Updates are available, see the Sun alert for full details.

HOD: Christopher Carboni
Keywords:
0 comment(s)

More PHP Phun

Published: 2007-06-06
Last Updated: 2007-06-06 15:48:49 UTC
by Chris Carboni (Version: 1)
0 comment(s)
Jack wrote in to tell us that US-CERT posted the following advisory:

US-CERT is aware of a publicly reported vulnerability in PHP. PHP version 5.2.3 may be vulnerable to an integer overflow within the chunk_split() function.

More information can be found in the following PHP Security Blog.

US-CERT will provide additional information as it becomes available.

Thanks Jack.

HOD: Christopher Carboni
Keywords:
0 comment(s)
Diary Archives