Java SE Security Updates

Number: AV09-042
Date: 5 November 2009

Purpose

The purpose of this advisory is to bring attention to multiple vulnerabilities in Java Standard Edition (SE). 

Assessment

The successful exploitation of these vulnerabilities may allow the bypass of security restrictions, privilege escalation and arbitrary code execution, and cause denial-of-service conditions. Other types of attacks are also possible.

The following Java SE updates have been released:

  • JDK and JRE 6 Update 17
  • JDK and JRE 5.0 Update 22
  • SDK and JRE 1.4.2_24
  • SDK and JRE 1.3.1_27

These updates address the following:

  • The Java Runtime Environment (JRE) Java Update mechanism running on non-English versions of the Windows operating system does not update the JRE when a new version is available (SUN Bug ID# 6869694)
  • A command execution vulnerability in the JRE Deployment Toolkit may be leveraged to execute arbitrary code. This may occur as the result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability (SUN Bug ID# 6869752).
  • A security vulnerability in the Java Web Start Installer may be leveraged to allow an untrusted Java Web Start application to run as a trusted application and execute arbitrary code. This may occur when a user opens a specially crafted web page that exploits this vulnerability (SUN Bug ID# 6872824).
  • Multiple buffer and integer overflow vulnerabilities in the JRE when processing audio and image files may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet (SUN Bug ID# 6854303, 6862970, 6872357, 6872358, 6862969, 6874643, 6862968).
  • A security vulnerability in the JRE's verification of HMAC digests may allow authentication to be bypassed. This could allow a user to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack (SUN Bug ID# 6863503).
  • Two vulnerabilities in the JRE, one when decoding DER-encoded data and one when parsing HTTP headers, may separately allow a remote client to cause the JRE on the server to run out of memory, resulting in a denial-of-service condition (SUN Bug ID# 6864911).
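As an added illustration of the HMAC verification item above, and not code from this advisory or from Sun, the following Java places a digest comparison that stops at the shorter array (a constructed example of how such a check goes wrong, not a description of the JRE's own defect) beside a hardened verifier that enforces the full tag length before comparing.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class HmacVerifier {
    private static final String ALG = "HmacSHA256";

    /** Computes the HMAC-SHA256 tag (32 bytes) of message under key. */
    static byte[] tag(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(new SecretKeySpec(key, ALG));
        return mac.doFinal(message);
    }

    /** Weak comparison, constructed here only to show the failure mode: it
     *  compares only as many bytes as the shorter array holds, so an empty
     *  or one-byte "tag" is accepted without any knowledge of the key. */
    static boolean weakEquals(byte[] expected, byte[] supplied) {
        int n = Math.min(expected.length, supplied.length);
        for (int i = 0; i < n; i++) {
            if (expected[i] != supplied[i]) return false;
        }
        return true;
    }

    /** Hardened verification: a missing tag or one of the wrong length is
     *  rejected before any byte comparison, and the comparison itself then
     *  covers the whole digest rather than a prefix of it. */
    static boolean verify(byte[] key, byte[] message, byte[] supplied) throws Exception {
        byte[] expected = tag(key, message);
        if (supplied == null || supplied.length != expected.length) return false;
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data; a real key would come from a key store.
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] genuine = tag(key, msg);
        byte[] forged = new byte[0]; // a forged tag carrying no bytes at all

        System.out.println("weak check, genuine tag: " + weakEquals(genuine, genuine));
        System.out.println("weak check, empty tag:   " + weakEquals(genuine, forged));
        System.out.println("verify, genuine tag:     " + verify(key, msg, genuine));
        System.out.println("verify, empty tag:       " + verify(key, msg, forged));
    }
}
```

The explicit length check in verify() is what makes the accept/reject decision independent of how the underlying comparison routine handles arrays of unequal length.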

For the comprehensive list of vulnerable products please consult the original advisories referenced below.

Suggested action

CCIRC recommends that administrators test and deploy these updates according to their Release Management practices and at the earliest opportunity.

References:

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca