Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Vulnerability Alert

Multiple Vendor Java Runtime Environment HsbParser.getSoundBank Remote Buffer Overflow Vulnerability

 
Threat Type:IntelliShield: Applied Mitigation Bulletin
IntelliShield ID:19350
Version:13
First Published:2009 November 05 18:46 GMT
Last Published:2011 September 14 18:25 GMT
Port: Not available
CVE:CVE-2009-1996 , CVE-2009-2625 , CVE-2009-3410 , CVE-2009-3411 , CVE-2009-3412 , CVE-2009-3413 , CVE-2009-3414 , CVE-2009-3415 , CVE-2009-3416 , CVE-2009-3867 , CVE-2009-3868 , CVE-2009-3869 , CVE-2009-3871 , CVE-2009-3872 , CVE-2009-3873 , CVE-2009-3874 , CVE-2009-3875 , CVE-2009-3876 , CVE-2009-3877 , CVE-2010-0066 , CVE-2010-0067 , CVE-2010-0068 , CVE-2010-0069 , CVE-2010-0070 , CVE-2010-0071 , CVE-2010-0072 , CVE-2010-0074 , CVE-2010-0075 , CVE-2010-0076 , CVE-2010-0077 , CVE-2010-0078 , CVE-2010-0079 , CVE-2010-0080
BugTraq ID:36881
Urgency:Unlikely Use
Credibility:Confirmed
Severity:Moderate Damage
CVSS Base:9.3 CVSS Calculator
CVSS Version 2.0
CVSS Temporal:6.9
 
Version Summary:

HP has released an additional security bulletin and updated software to address the multiple vendor Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

 
 
Description

HP, IBM, and Sun Java products?contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a lack of input validation in Java applets or Java Web Start applications, leading to a buffer overflow.? An attacker could exploit the vulnerability by convincing a user to visit a web page that contains a crafted Java applet or Java Web Start application.? Processing the web page could result in a buffer overflow, corrupting memory.? The attacker could take advantage of the memory corruption to execute arbitrary code with user privileges.? If the user has administrative privileges, a complete system compromise could result.

HP, IBM, and Sun have confirmed this vulnerability and released updated software.

 
Warning Indicators
The following Java products are vulnerable:

  • Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 16 and prior
  • Sun JDK and JRE 5.0 Update 21 and prior
  • Sun Java Software Development Kit (SDK) and JRE 1.4.2_23 and prior
  • Sun Java SDK and JRE 1.3.1_26 and prior
  • IBM JDK 6 SR6 and prior
  • IBM JDK 5 SR10 and prior
  • IBM JDK 1.4.2 SR13-FP2 and prior
  • HP JDK and JRE 6.0.05 and prior
  • HP JDK and JRE 5.0.18 and prior
  • HP Java SDK and JRE 1.4.2.23 and prior
 
IntelliShield Analysis

An attacker must entice a user to visit a malicious website to exploit this vulnerability.? The attacker may employ social engineering tactics for this purpose, such as sending links by means of an e-mail message, instant messaging, or other forms of communication.?

A successful exploit could allow the attacker to execute arbitrary code with the privileges of the targeted user.? Systems that grant users elevated privileges may experience a greater impact in case of an exploit because any code execution would also run with elevated privileges,?resulting in complete system compromise.

 
Vendor Announcements

HP has released a bulletin c01997760 and c03005726 at the following links: HPSBUX02503 SSRT100019 and HPSBMU02703 SSRT100242

IBM has released a security alert at the following link: CVE-2009-3867

Sun has re-released an alert notification at the following link: 270474

Apple has released security advisories at the following links: Java for Mac OS X 10.5 Update 6 and Java for Mac OS X 10.6 Update 1

Red Hat has released security advisories at the following links: RHSA-2009:1560, RHSA-2009:1643, RHSA-2009:1647, RHSA-2009:1694, RHSA-2010:0043, and RHSA-2010:408

VMware has re-released a security advisory at the following link: VMSA-2010-0002.2

 
Impact
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the system with user privileges.? If the user has administrative privileges, this action?could result in complete system compromise.
 
Technical Information

This?vulnerability exists because the affected software does not sufficiently sanitize user-supplied input when processing file:// URL arguments to the HsbParser.getSoundbank() function.?

An unauthenticated, remote attacker could exploit the vulnerability by means of a?crafted web page containing a Java applet or Java Web Start application that passes an overly long file:// URL argument to the getSoundbank() function.??Convincing?a targeted user to visit the web page could result in a stack-based buffer overflow.??The attacker could take advantage of the overflow to execute arbitrary code with the privileges of the user.

 
Safeguards

Administrators are advised to apply the appropriate updates.

Users should verify that unsolicited links are safe to follow.

Users are advised not to visit websites or follow links that have suspicious characteristics or cannot be verified as safe.

Users are advised not to open unsolicited e-mail attachments.? Users should verify that attachments are safe before opening them.

 
Patches/Software

HP has released updates at the following links:

HP-UX B.11.11
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.23
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.31
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP customers are advised to acquire the updated software via normal HP support channels.

IBM has released updates at the following link: IBM developer kits. JDK 6 SR7 is not yet available.

Sun has released updated software at the following links: JDK and JRE 6 Update 17 and JDK and JRE 5.0 Update 22.  Sun has released patches at the following links:

JDK 6 Update 17 for Solaris is available in the following patches:

SPARC
Java SE 6: update 17 (as delivered in patch 125136-19), which is yet to be released 
Java SE 6: update 17 (as delivered in patch125137-19(64bit))

Intel
Java SE 6_x86: update 17 (as delivered in patch125138-19)
Java SE 6_x86: update 17 (as delivered in patch 125139-19(64bit)), which is yet to be released

JDK 5 Update 22 for Solaris is available in the following patches:

SPARC
J2SE 5.0: update 22 (as delivered in patch 118666-24)
J2SE 5.0: update 22 (as delivered in patch 118667-24 (64bit))

Intel
J2SE 5.0_x86: update 22 (as delivered in patch 118668-24)
J2SE 5.0_x86: update 22 (as delivered in patch 118669-24 (64bit))

Apple has released updated software at the following links:

Java for Mac OS X 10.5 Update 6
Java for Mac OS X 10.6 Update 1

Red Hat packages can be updated using the up2date or yum command.

VMware has released updated software at the following links:

VirtualCenter 2.5
Update 6

ESX 4.0
ESX400-201005402-SG

ESX 3.5
ESX350-201003403-SG


Signatures
 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
25421/0Java HsbParser.getSoundBank Stack OverflowS5052010 Aug 06 
 
Alert History
 

Version 12, June 1, 2010, 8:40 AM: VMware has re-released a security advisory and updated software to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 11, May 13, 2010, 11:49 AM: Red Hat has released an additional security advisory and updated packages to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 10, February 9, 2010, 11:06 AM: HP has released a security bulletin and updated software to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 9, February 2, 2010, 8:53 AM: VMware has released a security advisory and updated software to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 8, January 15, 2010, 8:55 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 7, January 4, 2010, 9:03 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 6, December 9, 2009, 8:27 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 5, December 8, 2009, 10:22 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 4, December 7, 2009, 2:17 PM: Sun has re-released an alert notification with updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.  IBM has also released a security alert and updated software to address this vulnerability.

Version 3, December 4, 2009, 10:49 AM: Apple has released security advisories and updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 2, November 9, 2009, 3:42 PM: Red Hat has released a security advisory and updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 1, November 5, 2009, 1:46 PM: Sun Java Runtime Environment contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with user privileges.  Updates are available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
HPHP Java Development Kit (JDK) 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18 | 6.0 .00, .01, .02, .03, .04, .05
HPHP Java Runtime Environment (JRE) 1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23 | 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18 | 6.0 .00, .01, .02, .03, .04, .05
HPHP Java Software Development Kit (SDK) 1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23
IBMJava Development Kit (JDK) 1.4 .2, .2 SR1, .2 SR2, .2 SR3, .2 SR4, .2 SR5, .2 SR6, .2 SR7, .2 SR8, .2 SR9, .2 SR10, .2 SR11, .2 SR12, .2 SR13 | 5.0 Base, SR1, SR2, SR3, SR4, SR5, SR5a, SR6, SR7, SR8, SR8a, SR9, SR10 | 6.0 Base, SR1, SR2, SR3, SR4, SR5, SR6
Oracle CorporationOracle Access Manager (OAM) 7.0.4 .3 | 10.1 .4.2
Oracle CorporationOracle Application Server 10g 10.1.2 .3.0 | 10.1.3 .4.0, .5.0, .5.1
Oracle CorporationOracle Database Server 10g 10.1 .0.5 | 10.2 .0.3, .0.4
Oracle CorporationOracle Database Server 11g 11.1 .0.7.0
Oracle CorporationOracle E-Business Suite 11.5 .10.2 | 12.0 .4, .6, .5 | 12.1 .1, .2
Oracle CorporationOracle9i Database Server 9.2.0.8 Base | 9.2.0.8DV Base
Oracle CorporationPeopleSoft Enterprise HCM (TAM) 8.9 Base | 9.0 Base
Oracle CorporationPrimavera P6 Enterprise Project Portfolio Management 6.1 Base | 6.2.1 Base | 7.0 Base
Oracle CorporationPrimavera P6 Web Services 6.2.1 Base | 7.0 Base, SP1
Oracle CorporationWebLogic JRockit 6 JDK 1.4 .2, .2_01, .2_02, .2_03, .2_04, .2_05, .2_06, .2_07, .2_08, .2_09, .2_10, .2_11, .2_12, .2_13, .2_14, .2_15, .2_16, .2_17, .2_18, .2_19, .2_20, .2_21 | 5.0 Base, .0, .0_01, .0_02, .0_03, .0_04, .0_05, .0_06, .0_07, .0_08, .0_09, .0_10, .0_11, .0_12, .0_13, .0_14, .0_15, .0_16, .0_17, .0_18, .0_19 | 6.0 Base, .0_01, .0_02, .0_03, .0_04, .0_05, .0_06, .0_07, .0_08, .0_09, .0_10, .0_11, .0_12, .0_13, .0_14
Oracle CorporationWebLogic Server 7.0 Base, SP1, SP2, SP3, SP4, SP5, SP6, SP7 | 8.1 Base, SP1, SP2, SP3, SP4, SP5, SP6 | 9.0 Base | 9.1 Base | 9.2 Base, MP1, MP2, MP3 | 10.0 Base, MP1, MP2 | 10.3 Base, .1
Sun Microsystems, Inc.Java Development Kit (JDK) 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 20, Update 21 | 6.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16
Sun Microsystems, Inc.Java Runtime Environment (JRE) 1.3.1 Base, _01, _01a, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23, _24, _25, _26 | 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23 | 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 20, Update 21 | 6.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16
Sun Microsystems, Inc.Java Software Development Kit (SDK) 1.3.1 Base, _01, _01a, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23, _24, _25, _26 | 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23

Associated Products:
AppleMac OS X 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Base, Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel | 10.6.1 Intel | 10.6.2 Base
AppleMac OS X Server 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel | 10.6.1 Intel | 10.6.2 Base
HPHP OpenView Network Node Manager (NNM) 8.01 Base | 9.0 Base
HPHP-UX 11.11/11i Base | 11.23 Base | 11.31 Base
Red Hat, Inc.Red Hat Enterprise Linux Desktop Supplementary 5.0 IA-32, x86-64
Red Hat, Inc.Red Hat Enterprise Linux Extras 4 IA-32, IA-64, x86_64, PPC, s390, s390x, ppc64 | 4.8.z IA-32, PPC, PPC-64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux for SAP Original Release x86_64
Red Hat, Inc.Red Hat Network Satellite 5.3 IA-32
Red Hat, Inc.RHEL Supplementary 5 IA-32, IA-64, PPC, PPC64, S390, S390x, x86_64
Red Hat, Inc.RHEL Supplementary EUS 5.4.z IA-32, IA-64, PPC, PPC64, s390, s390x, x86_64
Sun Microsystems, Inc.Solaris 8 sparc, intel | 9 sparc, intel | 10 sparc, x64/x86
VMware, Inc.VirtualCenter 2.0.2 Base, Update 1, Update 2, Update 3, Update 4, Update 5 | 2.5 Base, Update 1, Update 2, Update 3 | 4.0 Base
VMware, Inc.vMA 4.0 Base
VMware, Inc.VMware ESX Server 3.0 .3 | 3.5 Base, Update 1, Update 2, Update 3, Update 4 | 4.0 Base
VMware, Inc.VMware Server 2.0 .0, .1, .2




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield