J-Security Center

Title: Sun Java Runtime Environment Font Parsing Remote Privilege Escalation Vulnerability

Severity: HIGH

Description:

Sun Java Runtime Environment (JRE) is an enterprise development platform.

JRE is prone to a remote privilege-escalation vulnerability that occurs in the font-parsing code of the affected application. The issue occurs when parsing TrueType fonts. Specifically, when writing to the Control Value Table (CVT), the application fails to verify that a user-supplied index value is within the bounds of the CVT. An attacker can leverage this to write arbitrary data to arbitrary memory locations outside of what is allocated for the CVT.

Attackers could exploit this issue by constructing a malicious Java applet that could read and write local files or execute arbitrary local applications with the privileges of the user invoking the Java applet. A successful exploit of this issue may result in the remote compromise of affected computers.
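The missing bounds check described above, shown beside its corrected form in a toy model. This is an added example, not code from the JRE or from the original advisory; the interp_t layout, the function names and the table sizes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CVT_LEN   4  /* constructed CVT size for the demo */
#define GUARD_LEN 4  /* neighbouring interpreter state, also constructed */

/* Toy interpreter memory: CVT entries followed by unrelated state. Keeping
   both in one array lets the unchecked write stay well-defined C. */
typedef struct {
    int32_t mem[CVT_LEN + GUARD_LEN];
} interp_t;

void interp_init(interp_t *s) {
    for (size_t i = 0; i < CVT_LEN + GUARD_LEN; i++) s->mem[i] = 0;
}

/* Flawed pattern: the index taken from the font is used as-is. */
int cvt_write_unchecked(interp_t *s, int32_t idx, int32_t value) {
    if (idx < 0 || idx >= CVT_LEN + GUARD_LEN) return -1; /* demo arena limit only */
    s->mem[idx] = value;  /* no comparison against CVT_LEN */
    return 0;
}

/* Hardened form: reject negative and too-large indices before writing. */
int cvt_write_checked(interp_t *s, int32_t idx, int32_t value) {
    if (idx < 0 || idx >= CVT_LEN) return -1;
    s->mem[idx] = value;
    return 0;
}

/* Returns 1 if any word after the CVT was modified. */
int neighbour_corrupted(const interp_t *s) {
    for (size_t i = CVT_LEN; i < CVT_LEN + GUARD_LEN; i++)
        if (s->mem[i] != 0) return 1;
    return 0;
}

int main(void) {
    interp_t a, b;
    interp_init(&a); interp_init(&b);
    cvt_write_unchecked(&a, CVT_LEN + 1, 0x41414141);
    int rc = cvt_write_checked(&b, CVT_LEN + 1, 0x41414141);
    printf("unchecked corrupted=%d, checked rc=%d corrupted=%d\n",
           neighbour_corrupted(&a), rc, neighbour_corrupted(&b));
    return 0;
}
```

The checked writer treats the index as signed and rejects negative values as well as values at or past the table length, since either one addresses memory outside the CVT.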

Affected Products:

  • Apple Mac OS X 10.4.10
  • Apple Mac OS X 10.4.11
  • Apple Mac OS X Server 10.4.10
  • Apple Mac OS X Server 10.4.11
  • BEA Systems JRockit 1.4.2
  • BEA Systems JRockit 5.0
  • BEA Systems JRockit R27.3.1
  • Gentoo Linux
  • Linux kernel 2.6.5
  • Opera Software Opera Web Browser 7.54.0
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Supplementary 5 client
  • RedHat Enterprise Linux Extras 3
  • RedHat Enterprise Linux Extras 4
  • RedHat Enterprise Linux Supplementary 5 server
  • S.u.S.E. CORE 9
  • S.u.S.E. Linux Enterprise Server 9
  • S.u.S.E. Novell Linux POS 9
  • S.u.S.E. Open-Enterprise-Server
  • S.u.S.E. SLE SDK 10.SP1
  • S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1
  • S.u.S.E. SUSE Linux Enterprise Server 10 SP1
  • Sun JDK (Linux Production Release) 1.5.0
  • Sun JDK (Linux Production Release) 1.5.0 .0_03
  • Sun JDK (Linux Production Release) 1.5.0 .0_04
  • Sun JDK (Linux Production Release) 1.5.0 .0_05
  • Sun JDK (Linux Production Release) 1.5.0 .0_06
  • Sun JDK (Linux Production Release) 1.5.0 _07
  • Sun JDK (Linux Production Release) 1.5.0.0_08
  • Sun JDK (Linux Production Release) 1.5.0.0_09
  • Sun JDK (Solaris Production Release) 1.5.0 .0_03
  • Sun JDK (Solaris Production Release) 1.5.0 .0_04
  • Sun JDK (Solaris Production Release) 1.5.0 .0_05
  • Sun JDK (Solaris Production Release) 1.5.0 .0_06
  • Sun JDK (Solaris Production Release) 1.5.0 0_09
  • Sun JDK (Windows Production Release) 1.5.0 .0_03
  • Sun JDK (Windows Production Release) 1.5.0 .0_04
  • Sun JDK (Windows Production Release) 1.5.0 .0_05
  • Sun JDK (Windows Production Release) 1.5.0 .0_06
  • Sun JDK (Windows Production Release) 1.5.0.0_08
  • Sun JDK (Windows Production Release) 1.5.0.0_09
  • Sun JRE (Linux Production Release) 1.4.2
  • Sun JRE (Linux Production Release) 1.4.2 _01
  • Sun JRE (Linux Production Release) 1.4.2 _02
  • Sun JRE (Linux Production Release) 1.4.2 _03
  • Sun JRE (Linux Production Release) 1.4.2 _04
  • Sun JRE (Linux Production Release) 1.4.2 _05
  • Sun JRE (Linux Production Release) 1.4.2 _06
  • Sun JRE (Linux Production Release) 1.4.2_07
  • Sun JRE (Linux Production Release) 1.4.2_08
  • Sun JRE (Linux Production Release) 1.4.2_09
  • Sun JRE (Linux Production Release) 1.4.2_10
  • Sun JRE (Linux Production Release) 1.4.2_10-b03
  • Sun JRE (Linux Production Release) 1.4.2_11
  • Sun JRE (Linux Production Release) 1.4.2_12
  • Sun JRE (Linux Production Release) 1.4.2_13
  • Sun JRE (Linux Production Release) 1.5.0_01
  • Sun JRE (Linux Production Release) 1.5.0_02
  • Sun JRE (Linux Production Release) 1.5.0_03
  • Sun JRE (Linux Production Release) 1.5.0_04
  • Sun JRE (Linux Production Release) 1.5.0_05
  • Sun JRE (Linux Production Release) 1.5.0_07
  • Sun JRE (Linux Production Release) 1.5.0_08
  • Sun JRE (Linux Production Release) 1.5.0_09
  • Sun JRE (Solaris Production Release) 1.4.2
  • Sun JRE (Solaris Production Release) 1.4.2 _01
  • Sun JRE (Solaris Production Release) 1.4.2 _02
  • Sun JRE (Solaris Production Release) 1.4.2 _03
  • Sun JRE (Solaris Production Release) 1.4.2 _04
  • Sun JRE (Solaris Production Release) 1.4.2 _05
  • Sun JRE (Solaris Production Release) 1.4.2 _06
  • Sun JRE (Solaris Production Release) 1.4.2_07
  • Sun JRE (Solaris Production Release) 1.4.2_08
  • Sun JRE (Solaris Production Release) 1.4.2_09
  • Sun JRE (Solaris Production Release) 1.4.2_10
  • Sun JRE (Solaris Production Release) 1.4.2_11
  • Sun JRE (Solaris Production Release) 1.4.2_12
  • Sun JRE (Solaris Production Release) 1.4.2_13
  • Sun JRE (Solaris Production Release) 1.4.2_14
  • Sun JRE (Solaris Production Release) 1.5.0
  • Sun JRE (Solaris Production Release) 1.5.0 _01
  • Sun JRE (Solaris Production Release) 1.5.0.0_07
  • Sun JRE (Solaris Production Release) 1.5.0.0_08
  • Sun JRE (Solaris Production Release) 1.5.0.0_09
  • Sun JRE (Solaris Production Release) 1.5.0_06
  • Sun JRE (Windows Production Release) 1.4.2
  • Sun JRE (Windows Production Release) 1.4.2 _01
  • Sun JRE (Windows Production Release) 1.4.2 _02
  • Sun JRE (Windows Production Release) 1.4.2 _03
  • Sun JRE (Windows Production Release) 1.4.2 _04
  • Sun JRE (Windows Production Release) 1.4.2 _05
  • Sun JRE (Windows Production Release) 1.4.2 _06
  • Sun JRE (Windows Production Release) 1.4.2_07
  • Sun JRE (Windows Production Release) 1.4.2_08
  • Sun JRE (Windows Production Release) 1.4.2_09
  • Sun JRE (Windows Production Release) 1.4.2_10
  • Sun JRE (Windows Production Release) 1.4.2_11
  • Sun JRE (Windows Production Release) 1.4.2_12
  • Sun JRE (Windows Production Release) 1.4.2_13
  • Sun JRE (Windows Production Release) 1.4.2_14
  • Sun JRE (Windows Production Release) 1.5.0
  • Sun JRE (Windows Production Release) 1.5.0.0_07
  • Sun JRE (Windows Production Release) 1.5.0.0_08
  • Sun JRE (Windows Production Release) 1.5.0.0_09
  • Sun JRE (Windows Production Release) 1.5.0_06
  • Sun SDK (Linux Production Release) 1.4.2
  • Sun SDK (Linux Production Release) 1.4.2 _01
  • Sun SDK (Linux Production Release) 1.4.2 _02
  • Sun SDK (Linux Production Release) 1.4.2 _03
  • Sun SDK (Linux Production Release) 1.4.2 _04
  • Sun SDK (Linux Production Release) 1.4.2 _05
  • Sun SDK (Linux Production Release) 1.4.2 _08
  • Sun SDK (Linux Production Release) 1.4.2_09
  • Sun SDK (Linux Production Release) 1.4.2_10
  • Sun SDK (Linux Production Release) 1.4.2_11
  • Sun SDK (Linux Production Release) 1.4.2_12
  • Sun SDK (Linux Production Release) 1.4.2_13
  • Sun SDK (Linux Production Release) 1.4.2_14
  • Sun SDK (Solaris Production Release) 1.4.2
  • Sun SDK (Solaris Production Release) 1.4.2 _03
  • Sun SDK (Solaris Production Release) 1.4.2 _04
  • Sun SDK (Solaris Production Release) 1.4.2 _05
  • Sun SDK (Solaris Production Release) 1.4.2 _08
  • Sun SDK (Solaris Production Release) 1.4.2_09
  • Sun SDK (Solaris Production Release) 1.4.2_10
  • Sun SDK (Solaris Production Release) 1.4.2_11
  • Sun SDK (Solaris Production Release) 1.4.2_12
  • Sun SDK (Solaris Production Release) 1.4.2_13
  • Sun SDK (Solaris Production Release) 1.4.2_14
  • Sun SDK (Windows Production Release) 1.4.2
  • Sun SDK (Windows Production Release) 1.4.2 _03
  • Sun SDK (Windows Production Release) 1.4.2 _04
  • Sun SDK (Windows Production Release) 1.4.2 _05
  • Sun SDK (Windows Production Release) 1.4.2 _08
  • Sun SDK (Windows Production Release) 1.4.2_09
  • Sun SDK (Windows Production Release) 1.4.2_10
  • Sun SDK (Windows Production Release) 1.4.2_11
  • Sun SDK (Windows Production Release) 1.4.2_12
  • Sun SDK (Windows Production Release) 1.4.2_13
  • Sun SDK (Windows Production Release) 1.4.2_14
