Easy to Learn Java: Programming Articles, Examples and Tips

Security Vulnerabilities in the Java Runtime Environment Image Parsing Code


Java Security Alert! The Sun JDK uses native code for image parsing and the parser contains a buffer overflow vulnerability.

A buffer overflow vulnerability is a kind of security hole in which an application can write code or data past the boundary of the memory that the OS allocated for it. The result is that code or data ends up in a region of memory where it is not permitted to be. The affected versions and the solution are given below.

A buffer overflow vulnerability in the parser may allow an untrusted applet or application to elevate its privileges on the OS. For example, an applet may grant itself permissions to read and write local files. It can probably also execute local applications that are accessible to the user running the untrusted applet.

Generally speaking, such an image does not contain an image but executable code, which can be executed in the JRE's or JDK's memory area with the privileges granted to that JRE or JDK!
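The class of bug described above, shown as an added example on a hypothetical toy image format; this is not the JDK's parser code, and the file layout, `struct image` and both function names are assumptions made for illustration. The unchecked parser trusts a length stored in the file, while the hardened one validates it against the destination buffer and the input size before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PALETTE_MAX 16  /* fixed-size destination buffer */

/* Hypothetical toy image file, constructed for this example:
 *   byte 0      number of palette entries (taken from the file)
 *   bytes 1..n  one byte per palette entry */
struct image { uint8_t palette[PALETTE_MAX]; size_t count; };

/* Vulnerable pattern: trusts the count stored in the file. A count above
 * PALETTE_MAX writes past img->palette; a count above the file length
 * reads past the input. Shown for contrast only, never called here. */
int parse_unchecked(struct image *img, const uint8_t *data, size_t len)
{
    (void)len;                          /* input length is ignored */
    img->count = data[0];
    memcpy(img->palette, data + 1, img->count);
    return 0;
}

/* Hardened form: check the declared count against the destination
 * capacity and the bytes actually present before copying anything. */
int parse_checked(struct image *img, const uint8_t *data, size_t len)
{
    if (img == NULL || data == NULL || len < 1)
        return -1;                      /* no header byte to read */
    size_t count = data[0];
    if (count > PALETTE_MAX)
        return -2;                      /* would overflow the destination */
    if (count > len - 1)
        return -3;                      /* would read past the input */
    memcpy(img->palette, data + 1, count);
    img->count = count;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a valid 3-entry file and one claiming 200 entries. */
    const uint8_t ok[]  = { 3, 0x10, 0x20, 0x30 };
    const uint8_t bad[] = { 200, 0x41, 0x41 };
    struct image img;
    int r1 = parse_checked(&img, ok, sizeof ok);
    int r2 = parse_checked(&img, bad, sizeof bad);
    return (r1 == 0 && r2 == -2) ? 0 : 1;
}
```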

Affected versions are listed below. You need to update your Java ASAP! Look here for the solution.

Vulnerable Java versions are listed here:

Sun SDK (Solaris Production Release) 1.4.2_08
Sun SDK (Solaris Production Release) 1.4.2_05
Sun SDK (Solaris Production Release) 1.4.2_04
Sun SDK (Solaris Production Release) 1.4.2_03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.3.1_15
Sun SDK (Solaris Production Release) 1.3.1_14
Sun SDK (Solaris Production Release) 1.3.1_13
Sun SDK (Solaris Production Release) 1.3.1_12
Sun SDK (Solaris Production Release) 1.3.1_11
Sun SDK (Solaris Production Release) 1.3.1_10
Sun SDK (Solaris Production Release) 1.3.1_09
Sun SDK (Solaris Production Release) 1.3.1_08
Sun SDK (Solaris Production Release) 1.3.1_07
Sun SDK (Solaris Production Release) 1.3.1_06
Sun SDK (Solaris Production Release) 1.3.1_05
Sun SDK (Solaris Production Release) 1.3.1_03
Sun SDK (Solaris Production Release) 1.3.1_02
Sun SDK (Solaris Production Release) 1.3.1_01
Sun JDK (Windows Production Release) 1.5.0_05
Sun JDK (Windows Production Release) 1.5.0_04
Sun JDK (Windows Production Release) 1.5.0_03
Sun JDK (Windows Production Release) 1.5
Sun JDK (Windows Production Release) 1.6.0_01-b06
Sun JDK (Windows Production Release) 1.5.0_11-b03
Sun JDK (Windows Production Release) 1.5.0_07-b03
Sun JDK (Windows Production Release) 1.5.0.0_09
Sun JDK (Windows Production Release) 1.5.0.0_08
Sun JDK (Windows Production Release) 1.3.1_20
Sun JDK (Linux Production Release) 1.5_07
Sun JDK (Linux Production Release) 1.5.0_05
Sun JDK (Linux Production Release) 1.5.0_04
Sun JDK (Linux Production Release) 1.5.0_03
Sun JDK (Linux Production Release) 1.5
Sun JDK (Linux Production Release) 1.5.0.0_09
Sun JDK (Linux Production Release) 1.5.0.0_08
Sun Java 2 Runtime Environment 1.5_07
Sun Java 2 Runtime Environment 1.5_06
Sun Java 2 Runtime Environment 1.5_05
Sun Java 2 Runtime Environment 1.5_04
Sun Java 2 Runtime Environment 1.5_03
Sun Java 2 Runtime Environment 1.5_02
Sun Java 2 Runtime Environment 1.5_01
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.5.0_10
Sun Java 2 Runtime Environment 1.5.0_09
Sun Java 2 Runtime Environment 1.3.1_20

Not Vulnerable Java versions:

Sun Java 2 Runtime Environment 1.6.0_01
Sun SDK (Solaris Production Release) 1.3.1_20
Sun JDK (Windows Production Release) 1.6.0_01
Sun JDK (Windows Production Release) 1.5.0.0_11
Sun JDK (Linux Production Release) 1.6.0_01
Sun JDK (Linux Production Release) 1.5.0.0_11
Sun Java 2 Runtime Environment 1.5.0_11



All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest 1999-2006 by Java FAQs Daily Tips.
