SANS ISC: Java JRE Buffer and Integer Overflow - Internet Security | DShield SANS ISC InfoSec Forums

Java JRE Buffer and Integer Overflow

Sun acknowledged that multiple buffer and integer overflow vulnerabilities in the Java Runtime Environment's processing of audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. The advisory was posted here.

Handler Mark Hofman posted a one-liner on 3 Dec 2009 on the release of an Apple Java update, APPLE-SA-2009-12-03-1 & 2 (for 10.5 and 10.6), that fixed a number of issues. Sun had released a Java update for all platforms (Windows, Solaris and Linux). It is a good time to patch for this vulnerability because exploit code has been made public. For now, browsers on unpatched systems will crash, but that could soon change.

You can find the Windows, Solaris and Linux update here.

You can find the Apple update here.

If you want to attend the SANS SEC 503 course in French in May 2010 in Nice, France, follow this link.

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

