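Vulnerability Details
Multiple Vendor Java Virtual Machine Bytecode Verifier Vulnerability
Vulnerability Summary
A vulnerability exists in implementations of the Java Virtual Machine that allows Java applets to break out of the restrictions of the security mechanism. The vulnerability is caused by a data generation error. A Java applet crafted at the bytecode level may perform an illegal generation operation; the applet's operations then escape the restrictions of the security mechanism and can execute system-level code without restriction, with the privileges of the user running the virtual machine (possibly the browser).
Links:
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
Vulnerability Advisory
Workaround: If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
* No good workaround is available at this time.
Vendor patches:
HP
--
HP has released a security bulletin (HPSBUX0203-187) and corresponding patches for this issue: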
HPSBUX0203-187:Sec. Vulnerability in JRE Bytecode Verifier
Patch downloads:
HP Java JRE/JDK for HP-UX 1.1.8:
HP Upgrade Java JDK/JRE 1.1.8.06
http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html
Java 1.1.8 for HP-UX will be retired on 2002-10-9; users are advised to upgrade to version 1.3.1.
HP Java JRE/JDK for HP-UX 1.2.2:
HP Upgrade Java JDK/JRE 1.2.2.12
http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html
HP Java JRE/JDK for HP-UX 1.3:
HP Upgrade Java JDK/JRE 1.3.1.02
http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html
Microsoft
---------
Microsoft has released a security bulletin (MS02-013) and corresponding patches for this issue:
MS02-013:Java Applet Can Redirect Browser Traffic
Link: http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
Patch downloads:
Microsoft Upgrade msjavx86
http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe
Sun
---
Sun has released a security bulletin (Sun-00218) and corresponding patches for this issue:
Sun-00218:Bytecode Verifier
Link: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
Patch downloads:
Sun JRE (Solaris Production Release) 1.1.8_14:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JDK (Solaris Production Release) 1.1.8_14:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JRE (Windows Production Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JDK (Windows Production Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JDK (Solaris Reference Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JRE (Solaris Reference Release) 1.1.8_008:
Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html
Sun JRE (Solaris Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Solaris Reference Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Solaris Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Windows Production Release) 1.2.2_10:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Solaris Reference Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun SDK (Linux Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Windows Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Linux Production Release) 1.2.2_010:
Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/
Sun JRE (Windows Production Release) 1.3_05:
Sun SDK (Solaris Production Release) 1.3_05:
Sun JRE (Solaris Production Release) 1.3_05:
Sun SDK (Windows Production Release) 1.3_05:
Sun JRE (Linux Production Release) 1.3_05:
Sun SDK (Linux Production Release) 1.3_05:
Sun JRE (Windows Production Release) 1.3.1_01a:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Windows Production Release) 1.3.1_01a:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun JRE (Solaris Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Solaris Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun SDK (Linux Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
Sun JRE (Linux Production Release) 1.3.1_01:
Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/
References
Source: MS Name: MS02-013 Link: http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Source: SUN Name: 00218 Link: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
Source: BID Name: 4313 Link: http://www.securityfocus.com/bid/4313
Source: XF Name: java-vm-verifier-variant(8480) Link: http://www.iss.net/security_center/static/8480.php
Affected Entities
- Sun Sdk:1.3_05
- Sun Sdk:1.3.1_01a
- Sun Sdk:1.3.1_01
- Sun Sdk:1.2.2_10
- Sun Sdk:1.2.2_010
Patches
None available