=====================================================================
                                   CERT-Renater

                        Information Note No. 2007/VULN299
_____________________________________________________________________

DATE                      : 12/07/2007

HARDWARE PLATFORM(S)      : /
                                               	
OPERATING SYSTEM(S)       : Any system with Sun Java Runtime
                            Environment or Sun Java Development Kit or
                            Sun Java Software Development Kit

======================================================================

Sun(sm) Alert Notification
     * Sun Alert ID: 102934
     * Synopsis: Security Vulnerabilities in the Java Runtime
       Environment Image Parsing Code May Allow an Untrusted Applet to
       Elevate Privileges
     * Category: Security
     * Product: Java 2 Platform, Standard Edition
     * BugIDs: 6483556, 6483560
     * Avoidance: Patch, Upgrade
     * State: Resolved
     * Date Released: 31-May-2007, 29-Jun-2007
     * Date Closed: 29-Jun-2007
     * Date Modified: 29-Jun-2007, 10-Jul-2007

1. Impact

   A buffer overflow vulnerability in the image parsing code in the Java
   Runtime Environment may allow an untrusted applet or application to
   elevate its privileges. For example, an applet may grant itself
   permissions to read and write local files or execute local
   applications that are accessible to the user running the untrusted
   applet.

   A second vulnerability may allow an untrusted applet or application
   to cause the Java Virtual Machine to hang.

   Sun acknowledges, with thanks, Chris Evans of the Google Security
   Team, for bringing these issues to our attention.

   These issues are also referenced in the following documents:

   CVE-2007-2788 at
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

   CVE-2007-2789 at
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

2. Contributing Factors

   These issues can occur in the following releases (for Windows,
   Solaris, and Linux):

   First vulnerability:
     * JDK and JRE 6
     * JDK and JRE 5.0 Update 10 and earlier
     * SDK and JRE 1.4.2_14 and earlier
     * SDK and JRE 1.3.1_20 and earlier

   Second vulnerability:
     * JDK and JRE 6
     * JDK and JRE 5.0 Update 10 and earlier
     * SDK and JRE 1.4.2_14 and earlier
     * SDK and JRE 1.3.1_19 and earlier

   To determine the default version of the JRE on a system for Solaris
   and Linux, the following command can be run:
    % java -version

   Note: The above command only determines the default version. Other
   versions may also be installed on the system.

   To determine the default version of the JRE on a system for Windows:
    1. Click "Start"
    2. Select "Run"
    3. Type "cmd" (starts a command-line)
    4. At the prompt, type "java -version"

   Note: The above command only determines the default version. Other
   versions may also be installed on the system.

3. Symptoms

   There are no reliable symptoms that would show the described issues
   have been exploited.

4. Relief/Workaround

   There is no workaround for this issue. Please see the Resolution
   section below.

5. Resolution

   The first issue is addressed in the following releases (for Windows,
   Solaris, and Linux):
     * JDK and JRE 6 Update 1 or later
     * JDK and JRE 5.0 Update 11 or later
     * SDK and JRE 1.4.2_15 and later

   The second issue is addressed in the following releases (for Windows,
   Solaris, and Linux):
     * JDK and JRE 6 Update 1 or later
     * JDK and JRE 5.0 Update 11 or later
     * SDK and JRE 1.4.2_15 and later
     * SDK and JRE 1.3.1_20 or later

   Java SE 6 Update 1 is available for download at the following link:

   http://java.sun.com/javase/downloads/index.jsp

   Java SE 6 Update 1 for Solaris is available in the following patches:
     * Java SE 6: update 1 (as delivered in patch 125136-01)
     * Java SE 6: update 1 (as delivered in patch 125137-01 (64bit))
     * Java SE 6_x86: update 1 (as delivered in patch 125138-01)
     * Java SE 6_x86: update 1 (as delivered in patch 125139-01
       (64bit))

   J2SE 5.0 is available for download at the following link:

   http://java.sun.com/j2se/1.5.0/download.jsp

   J2SE 5.0 Update 11 for Solaris is available in the following patches:
     * J2SE 5.0: update 11 (as delivered in patch 118666-11)
     * J2SE 5.0: update 11 (as delivered in patch 118667-11 (64bit))
     * J2SE 5.0_x86: update 11 (as delivered in patch 118668-11)
     * J2SE 5.0_x86: update 11 (as delivered in patch 118669-11
       (64bit))

   SDK and JRE 1.4.2_15 is available for download at:

   http://java.sun.com/j2se/1.4.2/download.html

   J2SE 1.3.1_20 is available for download at:

   http://java.sun.com/j2se/1.3/download.html

   Note: When installing a new version of the product from a source
   other than a Solaris patch, it is recommended that the old affected
   versions be removed from your system. For more information, please
   see the installation notes on the respective java.sun.com download
   pages.
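
   An added example, not part of the Sun Alert: a check that classifies
   the first line of "java -version" output against the affected
   releases in section 2 and the fixed releases in section 5. The banner
   format (java version "1.5.0_10"), the function names and the sample
   banners are assumptions made for this example.

```python
import re

# Update numbers taken from sections 2 and 5 of this alert.
# "JDK and JRE 6" with no update number is treated as update 0.
LAST_AFFECTED = {
    "first":  {"1.6.0": 0, "1.5.0": 10, "1.4.2": 14, "1.3.1": 20},
    "second": {"1.6.0": 0, "1.5.0": 10, "1.4.2": 14, "1.3.1": 19},
}
# The alert lists no fixed 1.3.1 release for the first issue.
FIRST_FIXED = {
    "first":  {"1.6.0": 1, "1.5.0": 11, "1.4.2": 15},
    "second": {"1.6.0": 1, "1.5.0": 11, "1.4.2": 15, "1.3.1": 20},
}

# Assumed banner shape: java version "1.5.0_10" (update suffix optional).
VERSION_RE = re.compile(r'version "(\d+\.\d+\.\d+)(?:_(\d+))?')


def parse_banner(banner):
    """Return (family, update) from `java -version` output, or None."""
    m = VERSION_RE.search(banner)
    if m is None:
        return None
    return m.group(1), int(m.group(2) or 0)


def assess(banner):
    """Map each issue to 'affected', 'fixed' or 'not listed'."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    family, update = parsed
    verdict = {}
    for issue in ("first", "second"):
        if family not in LAST_AFFECTED[issue]:
            verdict[issue] = "not listed"
        elif update <= LAST_AFFECTED[issue][family]:
            verdict[issue] = "affected"
        elif update >= FIRST_FIXED[issue].get(family, float("inf")):
            verdict[issue] = "fixed"
        else:
            verdict[issue] = "not listed"
    return verdict


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for sample in ('java version "1.6.0"', 'java version "1.5.0_11"',
                   'java version "1.3.1_20"', 'java version "1.4.2_14"'):
        print(sample, "->", assess(sample))
```

   "java -version" writes its banner to standard error, so redirect that
   stream when collecting output for this check.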

Change History

   29-Jun-2007:
     * State: Resolved
     * Updated Resolution section

   10-Jul-2007:
     * Updated Impact Section

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided
   by third parties. The issues described in this Sun Alert notification
   may or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
   YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
   OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
   This Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions
   of your agreement to purchase services from Sun, or, if you do not
   have such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.

   Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle,
   Santa Clara, CA 95054 U.S.A. All rights reserved

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================






