[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sun] DoS Schwachstelle in Java Runtime Environment - Sun Alert ID: 57555

To: win-sec-ssc@xxxxxxxxxxx
Subject: [Sun] DoS Schwachstelle in Java Runtime Environment - Sun Alert ID: 57555
From: win-sec-ssc@xxxxxxxxxxx
Date: Tue, 11 May 2004 16:25:20 +0200 (CEST)
Delivery-date: Tue, 11 May 2004 15:59:58 +0200
Envelope-to: win-sec-ssc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Resent-date: Tue, 11 May 2004 15:58:38 +0200
Resent-date: Tue, 11 May 2004 15:59:58 +0200
Resent-from: owner-win-sec-ssc@xxxxxxxxxxx (Alias Mail Delivery User (postfix))
Resent-message-id: <16544.56334.162711.90438@xxxxxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----

Liebe Kolleginnen und Kollegen,

soeben erreichte uns das nachfolgende Bulletin des SUN Customer Warning
System. Wir geben diese Informationen unveraendert an Sie weiter.

  Sun Alert ID: 57555

  Eine Schwachstelle im Java Runtime Environment ermoeglicht einem
  entfernten unpriviligiertem Angreifer einen Denial of Service (DoS)
  Angriff auf die Anwendungen und Server, die in dem Runtime Environment
  laufen.


Betroffen sind die folgenden Software Pakete und Plattformen:

    Windows Production Releases 
       * SDK und JRE 1.4.2_03 und fruehere 1.4.2 Versionen
         
     Solaris Operating Environment Releases 
       * SDK und JRE 1.4.2_03 und fruehere 1.4.2 Versionen
         
     Linux Production Releases
       * SDK und JRE 1.4.2_03 und fruehere 1.4.2 Versionen

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,


           Jan Kohlrausch, DFN-CERT

- --
Jan Kohlrausch (CSIRT), DFN-CERT Services GmbH
Web: https://www.dfn-cert.de/, Phone: +49-40-808077-555
PGP RSA/2048, A5DD03D1, A2 55 1C 51 0A 30 3E 78  5B 40 DA B7 14 F7 C9 E8




 
- -----BEGIN PGP SIGNED MESSAGE-----

- - ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 209/04 dated 10.05.04  Time: 14:55  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- - ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- - ----------------------------------------------------------------------------------

Title
=====

Java Runtime Environment Remote Denial of Service(DoS) Vulnerability

Detail
====== 

A vulnerability in the Java Runtime Environment may allow a remote
unprivileged user to cause the Java Virtual Machine to become unresponsive
resulting in a Denial of Service (DoS) condition for the  runtime
environment and servers that run on the runtime environment.







       ESB-2004.0333 -- Sun Alert Notification - Sun Alert ID: 57555
   Java Runtime Environment Remote Denial of Service(DoS) Vulnerability
                                10 May 2004


Product:                Java JRE/SDK
Publisher:              Sun Microsystems
Operating System:       Windows
                        Solaris
                        Linux
Impact:                 Denial of Service
Access Required:        Remote

Original Bulletin:
         http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

- - - --------------------------BEGIN INCLUDED TEXT--------------------

   DOCUMENT ID: 57555
   SYNOPSIS: Java Runtime Environment Remote Denial of Service(DoS)
   Vulnerability
   DETAIL DESCRIPTION:
   
Sun(sm) Alert Notification

     * Sun Alert ID: 57555
     * Synopsis: Java Runtime Environment Remote Denial of Service (DoS)
       Vulnerability
     * Category: Security
     * Product: Java JRE/SDK
     * BugIDs: 4879522
     * Avoidance: Upgrade
     * State: Resolved
     * Date Released: 06-May-2004
     * Date Closed: 06-May-2004
     * Date Modified:
       
1. Impact

   A vulnerability in the Java Runtime Environment may allow a remote
   unprivileged user to cause the Java Virtual Machine to become
   unresponsive resulting in a Denial of Service (DoS) condition for the
   runtime environment and servers that run on the runtime environment.
   
2. Contributing Factors

   This issue can occur in the following releases:
   
   Windows Production Releases 
     * SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
       
   Solaris Operating Environment Releases 
     * SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
       
   Linux Production Releases
     * SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
       
   Note: Releases prior to 1.4.2 are not affected.
   
   To determine the release of an installation, run the "java" command
   with the "-fullversion" option:
    $ java -fullversion
    java full version "1.4.2_04-b03
      

3. Symptoms

   If the described issue occurs, the Java Runtime Environment is
   unresponsive.
   SOLUTION SUMMARY:
   
4. Relief/Workaround

   There is no workaround. Please see the "Resolution" section below.
   
5. Resolution

   This issue is addressed in the following releases:
   
   Windows Production Releases
     * SDK and JRE 1.4.2_04 or later 1.4.2 releases
       
   Solaris Operating Environment Releases
     * SDK and JRE 1.4.2_04 or later 1.4.2 releases
       
   Linux Production Releases
     * SDK and JRE 1.4.2_04 or later 1.4.2 releases
       
   SDK and JRE releases are available at: [1]http://java.sun.com/j2se/
   
   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.
   
   Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved.
   

References

   1. http://java.sun.com/j2se/


- - ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- - ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Sun Microsystems for the information 
contained in this Briefing. 
- - ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- - ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQJ+JKYpao72zK539AQEmHwP/YVTBLFpozQgRQWOMgKsMyhvckKl+Pv9o
BAFBzfInUe2IUg5EdHs4aebkA/F+guVMaEjXyuwadWaGRr5F0sNZSE7ek3O0897Y
wqn/OU4J1A8gM7t2xKvTh4lOV1MqYVRifTB1dlhysoJ6H2xFFzPTTFQRhxmaqEGL
F05tvMLJXg4=
=OZZI
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iQEVAwUBQKDcCuI9ttyl3QPRAQEMHgf/fpLlmd00eXKzuthIYK8qtIazez3XLlkC
N4IlceWy4EvUBUnc2yUKPHj97cSfDZEr0dzQ3ktk5tA4TGKfDfPcviUsK0NbChRK
3ktciQEl4wduz74p35PKvgkvq+EyDdcj1dFzNWl6bx36TQ60G9oT7Q/PBPTjX8Vk
1X3h1ZNssNQuv28voT+661iEql36KMPxc1VbOFMUHcOk1SVcnAIFrvNn3oKEaeu3
jrznKw8oF029VBpEPViaOYJxCvKB7M1wyDKHWNlRTpzxwgTxpaooszeG4En28FGX
0BCZKpwi1mJOTVpyNC799S+nI4HLQzRFC0Pb2rQoTWJowFOOJlnEfA==
=BOxW
-----END PGP SIGNATURE-----
Prev by Date: BUSINESS PROPOSAL
Next by Date: [SCO] Schwache Authentifizierung durch X-Server - SCOSA-2004.5
Previous by thread: BUSINESS PROPOSAL
Next by thread: [SCO] Schwache Authentifizierung durch X-Server - SCOSA-2004.5
Index(es):
- Date
- Thread