Multiple Vendor Java Virtual Machine Bytecode Verifier Vulnerability

Release date: 2002-03-19
Updated: 2002-03-19

Affected systems:
Microsoft Virtual Machine 3802 Series
Sun JDK (Solaris Production Release) 1.1.8_14
Sun JDK (Solaris Reference Release) 1.1.8_008
Sun JDK (Windows Production Release) 1.1.8_008
Sun JRE (Linux Production Release) 1.3_05
Sun JRE (Linux Production Release) 1.3.1_01
Sun JRE (Linux Production Release) 1.2.2_010
Sun JRE (Solaris Production Release) 1.3_05
Sun JRE (Solaris Production Release) 1.3.1_01
Sun JRE (Solaris Production Release) 1.2.2_10
Sun JRE (Solaris Production Release) 1.1.8_14
Sun JRE (Solaris Reference Release) 1.2.2_010
Sun JRE (Solaris Reference Release) 1.1.8_008
Sun JRE (Windows Production Release) 1.3_05
Sun JRE (Windows Production Release) 1.3.1_01a
Sun JRE (Windows Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.1.8_008
Sun SDK (Linux Production Release) 1.3_05
Sun SDK (Linux Production Release) 1.3.1_01
Sun SDK (Linux Production Release) 1.2.2_010
Sun SDK (Solaris Production Release) 1.3_05
Sun SDK (Solaris Production Release) 1.3.1_01
Sun SDK (Solaris Production Release) 1.2.2_10
Sun SDK (Solaris Reference Release) 1.2.2_010
Sun SDK (Windows Production Release) 1.3_05
Sun SDK (Windows Production Release) 1.3.1_01a
Sun SDK (Windows Production Release) 1.2.2_010
HP Java JRE/JDK for HP-UX 1.1.8
    - HP HP-UX 11.20
HP Java JRE/JDK for HP-UX 1.2.2
    - HP HP-UX 11.20
    - HP HP-UX 11.11
    - HP HP-UX 11.04  (VVOS)
    - HP HP-UX 11.0
HP Java JRE/JDK for HP-UX 1.3
    - HP HP-UX 11.20
    - HP HP-UX 11.11
    - HP HP-UX 11.04  (VVOS)
    - HP HP-UX 11.0
Unaffected systems:
Microsoft Virtual Machine 3805 Series
Sun JRE (Linux Production Release) 1.4
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Windows Production Release) 1.4
Sun SDK (Linux Production Release) 1.4
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Windows Production Release) 1.4
HP Java JRE/JDK for HP-UX 1.3.1.00
HP Java JRE/JDK for HP-UX 1.2.2.12
HP Java JRE/JDK for HP-UX 1.1.8.06
HP Java JRE/JDK for HP-UX 1.1.8.06
    - HP HP-UX 10.20
HP Java JRE/JDK for HP-UX 1.2.2.12
    - HP HP-UX 11.20
HP Java JRE/JDK for HP-UX 1.2.2.12
    - HP HP-UX 11.11
HP Java JRE/JDK for HP-UX 1.2.2.12
    - HP HP-UX 11.04  (VVOS)
HP Java JRE/JDK for HP-UX 1.2.2.12
    - HP HP-UX 11.0
HP Java JRE/JDK for HP-UX 1.3.1.00
    - HP HP-UX 11.20
HP Java JRE/JDK for HP-UX 1.3.1.00
    - HP HP-UX 11.11
HP Java JRE/JDK for HP-UX 1.3.1.00
    - HP HP-UX 11.04  (VVOS)
HP Java JRE/JDK for HP-UX 1.3.1.00
    - HP HP-UX 11.0
Description:
BUGTRAQ  ID: 4313
CVE(CAN) ID: CVE-2002-0076

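Java virtual machine implementations contain a vulnerability that allows a Java applet to break out of the restrictions of the security mechanism.

This vulnerability is caused by a data casting error. A Java applet constructed at the bytecode level may perform an illegal cast operation, which lets the applet's operations escape the restrictions of the security mechanism and execute system-level code without restriction, with the privileges of the user running the virtual machine (possibly the browser).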

<*Links: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
                http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
*>

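Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:

* No good workaround is available at this time.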

Vendor patches:

HP
--
HP has released a security bulletin (HPSBUX0203-187) and corresponding patches for this issue:
HPSBUX0203-187:Sec. Vulnerability in JRE Bytecode Verifier

Patch download:

HP Java JRE/JDK for HP-UX 1.1.8:

HP Upgrade Java JDK/JRE 1.1.8.06
http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html
Java 1.1.8 for HP-UX will be obsoleted on 2002-10-9; users are advised to upgrade to version 1.3.1.

HP Java JRE/JDK for HP-UX 1.2.2:

HP Upgrade Java JDK/JRE 1.2.2.12
http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html

HP Java JRE/JDK for HP-UX 1.3:

HP Upgrade Java JDK/JRE 1.3.1.02
http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html

Microsoft
---------
Microsoft has released a security bulletin (MS02-013) and a corresponding patch for this issue:
MS02-013:Java Applet Can Redirect Browser Traffic
Link: http://www.microsoft.com/technet/security/bulletin/MS02-013.asp

Patch download:

Microsoft Upgrade msjavx86
http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe

Sun
---
Sun has released a security bulletin (Sun-00218) and corresponding patches for this issue:
Sun-00218:Bytecode Verifier
Link: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba

Patch download:

Sun JRE (Solaris Production Release) 1.1.8_14:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Production Release) 1.1.8_14:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Windows Production Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Windows Production Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Reference Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Reference Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Production Release) 1.2.2_10:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun JRE (Solaris Reference Release) 1.2.2_10:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Production Release) 1.2.2_10:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun SDK (Windows Production Release) 1.2.2_10:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Reference Release) 1.2.2_010:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun SDK (Linux Production Release) 1.2.2_010:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun JRE (Windows Production Release) 1.2.2_010:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun JRE (Linux Production Release) 1.2.2_010:

Sun Patch SDK and JRE 1.2.2_011
http://java.sun.com/j2se/1.2/

Sun JRE (Windows Production Release) 1.3_05:
Sun SDK (Solaris Production Release) 1.3_05:
Sun JRE (Solaris Production Release) 1.3_05:
Sun SDK (Windows Production Release) 1.3_05:
Sun JRE (Linux Production Release) 1.3_05:
Sun SDK (Linux Production Release) 1.3_05:
Sun JRE (Windows Production Release) 1.3.1_01a:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

Sun SDK (Windows Production Release) 1.3.1_01a:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

Sun JRE (Solaris Production Release) 1.3.1_01:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

Sun SDK (Solaris Production Release) 1.3.1_01:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

Sun SDK (Linux Production Release) 1.3.1_01:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

Sun JRE (Linux Production Release) 1.3.1_01:

Sun Patch SDK and JRE 1.3.1_02
http://java.sun.com/j2se/1.3/

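This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.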