A vulnerability in the Java Runtime Environment (JRE) with parsing XML data may allow a remote client to create a Denial of Service (DoS) condition on the system that the JRE runs on.

This issue is referenced in the following document:

Sun acknowledges with thanks, Jukka Taimisto, Tero Rontti and Rauli Kaksonen from the CROSS project at Codenomicon Ltd, and CERT-FI for bringing this issue to our attention.

Permalink | Comments [0]

An insufficient input validation vulnerability in the Solaris named(1M) daemon (part of the BIND 9 ISC distribution) may allow a remote unprivileged user to send a specially crafted dynamic update packet and crash the named(1M) daemon which is a type of Denial of Service (DoS).

This issue is also referenced in the following documents:

Permalink | Comments [0]

A security vulnerability in Sun VirtualBox 3.0 may allow a local unprivileged user inside of a VirtualBox virtual machine to be able to reboot the host operating system, which is a type of Denial of Service (DoS).

Permalink | Comments [0]

A security vulnerability in OpenSSO Enterprise 8.0 or Sun Java System Access Manager may allow a local or remote user to hang or cause memory corruption in the server process by sending specially crafted XML documents, resulting in a Denial of Service (DOS).

This issue is related to the vulnerabilities described in the following documents:

Permalink | Comments [0]

A security vulnerability in Sun Java System Access Manager related to the
CDCServlet component may result in policy advice being presented to the
wrong client. This could allow a remote unprivileged user to gain unauthorized
access to data belonging to other users.

Permalink | Comments [0]

A security vulnerability in Sun Java System Access Manager may disclose clear text passwords in debug files when the debug flag is enabled. This would allow a local unprivileged user to gain unauthorized access to user identities which are managed by Sun Java System Access Manager.

Permalink | Comments [0]

A security vulnerability in the Solaris XScreenSaver (see xscreensaver(1)) program may allow popup windows to appear through the lock screen and expose sensitive data on Xorg(1) servers (or Xnewt(1M) servers in the case of Sun Ray setups).

Permalink | Comments [0]

CR 6801071:
A security vulnerability in the Java Runtime Environment SOCKS proxy implementation may allow an untrusted applet or Java Web Start application to determine the username of the user running the applet or application.

A second vulnerability in the Java Runtime Environment proxy mechanism implementation may allow an untrusted applet or Java Web Start application to obtain browser cookies and leverage those cookies to hijack sessions.

CR 6801497:
A security vulnerability in the Java Runtime Environment proxy mechanism implementation may allow an untrusted applet or Java Web Start application to make non-authorized socket or URL connections to hosts other than the origin host.

Sun acknowledges, with thanks, Gregory Fleischer for bringing the first two issues to our attention.

Permalink | Comments [0]

A security vulnerability in the Active Template Library (ATL) in various releases of Microsoft Visual Studio that is used by the Java Web Start ActiveX control may allow the Java Web Start ActiveX control to be leveraged to execute arbitrary code. This may occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability.

Note: The Java Runtime Environment includes the Java Web Start technology which uses the Java Web Start ActiveX control to launch Java Web Start in Internet Explorer.

Sun acknowledges with thanks, Microsoft for bringing this issue to our attention. For more information, see the following:

Permalink | Comments [0]

Multiple security vulnerabilities with varying impacts affect Firefox (see firefox(1)) versions prior to 3.5 as shipped with OpenSolaris. These vulnerabilities may allow an unprivileged remote user to cause a Denial of Service (DoS) crash to the Firefox application or possibly execute arbitrary code on the system where Firefox is being run. Futher vulnerabilities may allow a remote user to perform Cross-Site Scripting (XSS) exploits and to gain unauthorized access to cookie data stored in the application, which could allow reading or modifying of data from other web sites or to obtain sensitive data stored in those cookies.

The following URL provides additional details about the vulnerabilities addressed in Firefox versions prior to 3.5:

The following Mozilla advisories describe the vulnerabilities:

The following are the CVE identifiers that pertain to these security issues:

Permalink | Comments [0]

An integer overflow vulnerability in the Java Runtime Environment with unpacking applets and Java Web Start applications using the unpack200 JAR unpacking utility may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

Sun acknowledges with thanks:

for bringing this issue to our attention.

Permalink | Comments [0]

An integer overflow vulnerability in the Java Runtime Environment when parsing JPEG images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java Web Start application.

Sun acknowledges with thanks, an anonymous researcher working with the Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com) for bringing this issue to our attention.

Permalink | Comments [0]

A security vulnerability in the Java Runtime Environment audio system may allow an untrusted applet or Java Web Start application to access "java.lang.System" properties.

Sun acknowledges, with thanks, Sami Koivu for bringing this issue to our attention.

Permalink | Comments [0]

A vulnerability with verifying HMAC-based XML digital signatures in the XML Digital Signature implementation included with the Java Runtime Environment (JRE) may allow authentication to be bypassed. This could allow a user to forge an XML digital signature that would be accepted as valid. Applications that validate HMAC-based XML digital signatures may be vulnerable to this type of attack.

Note: This vulnerability cannot be exploited by an untrusted applet or Java Web Start application.

This issue is also described in the following document:

CERT VU#466161 at: http://www.kb.cert.org/vuls/id/466161
CVE-2009-0217 at: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

Sun acknowledges, with thanks, Thomas Roessler from the W3C for bringing this issue to our attention.

Permalink | Comments [0]

A security vulnerability in the JNLPAppletLauncher may impact users of the Sun JDK and JRE. Non-current versions of the JNLPAppletLauncher may be re-purposed with an untrusted Java applet to write arbitrary files on the system of the user downloading and running the untrusted applet.

The JNLPAppletLauncher is a general purpose JNLP-based applet launcher class for deploying applets that use extension libraries containing native code.

For more information about JNLPAppletlauncher, see https://applet-launcher.dev.java.net/

Sun acknowledges with thanks, John Heasman for bringing this issue to our attention.

Permalink | Comments [0]