A vulnerability, which was classified as critical, has been found in Sun Java JRE and JDK (Programming Language Software). Affected by this issue is an unknown code block of the component JNLP File UTF-8 Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."

The bug was discovered 03/04/2008. The weakness was presented 03/05/2008 with ZDI (Website). The advisory is available at java.sun.com. This vulnerability is handled as CVE-2008-1188 since 03/06/2008. The attack may be launched remotely. The requirement for exploitation is a simple authentication. Technical details are unknown but a private exploit is available.

It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 32013 (GLSA-200804-20 : Sun JDK/JRE: Multiple vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 165677 (SUSE Enterprise Linux Security Update Sun Java (SUSE-SA:2008:018)).

Upgrading to version 6 Update 5 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at java.sun.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published even before and not after the disclosure of the vulnerability. Attack attempts may be identified with Snort ID 15081. In this case the pattern is used for detection. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 5622.

The vulnerability is also documented in the databases at X-Force (41133) and Tenable (32013). See 3639, 3636, 3640 and 3645 for similar entries.

Productinfo

Type

• Programming Language Software

Vendor

• Sun

Name

• Java JRE
• JDK

License

• free

Support

• end of life

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info