Products & Services

Home

Home Networking

Home Networking

Wireless for everyone:
Get connected now

umi telepresence

umi telepresence

The new way to
be together.

Flip Video

Flip Video

Meet the Flip family:
Life now has a play button

More for Home

 Support How to Buy

For Home

Cisco Home Products Store
Products for everyone

Flip Video Store
Meet the Flip Family:
Life now has a play button

For Business

All Ordering Options

 Training & Events Partners

Find a Partner

Cisco Partners help you find the right solution for your Business

Become a Partner

Enhance your company's value-add, expertise and opportunities

Small Business Partners

Log in to get sales resources.

Already a Partner?

Log in for resources.

Register as a New User

Visit Partner Central or My Cisco Workspace
Guest

Vulnerability Alert

Multiple Vendor Java Runtime Environment HsbParser.getSoundBank Remote Buffer Overflow Vulnerability

 
Threat Type:Unintended Weakness: Buffer Overflow
IntelliShield ID:19350
Version:13
First Published:2009 November 05 18:46 GMT
Last Published:2011 September 14 18:25 GMT
Vector:Network
Authentication:None
Exploit:Unproven
Port: Not Available
CVE:CVE-2009-3867
BugTraq ID:36881
Urgency: Unlikely Use
Credibility: Confirmed
Severity: Moderate Damage
CVSS Base:9.3 CVSS Calculator
CVSS Version 2
CVSS Temporal:6.9
 
Version Summary:

HP has released an additional security bulletin and updated software to address the multiple vendor Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.
 
 
Description

HP, IBM, and Sun Java products contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability is due to a lack of input validation in Java applets or Java Web Start applications, leading to a buffer overflow. An attacker could exploit the vulnerability by convincing a user to visit a web page that contains a crafted Java applet or Java Web Start application. Processing the web page could result in a buffer overflow, corrupting memory. The attacker could take advantage of the memory corruption to execute arbitrary code with user privileges. If the user has administrative privileges, a complete system compromise could result.

HP, IBM, and Sun have confirmed this vulnerability and released updated software.
 
Warning Indicators
The following Java products are vulnerable:

  • Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 16 and prior
  • Sun JDK and JRE 5.0 Update 21 and prior
  • Sun Java Software Development Kit (SDK) and JRE 1.4.2_23 and prior
  • Sun Java SDK and JRE 1.3.1_26 and prior
  • IBM JDK 6 SR6 and prior
  • IBM JDK 5 SR10 and prior
  • IBM JDK 1.4.2 SR13-FP2 and prior
  • HP JDK and JRE 6.0.05 and prior
  • HP JDK and JRE 5.0.18 and prior
  • HP Java SDK and JRE 1.4.2.23 and prior
 
IntelliShield Analysis

An attacker must entice a user to visit a malicious website to exploit this vulnerability. The attacker may employ social engineering tactics for this purpose, such as sending links by means of an e-mail message, instant messaging, or other forms of communication.

A successful exploit could allow the attacker to execute arbitrary code with the privileges of the targeted user. Systems that grant users elevated privileges may experience a greater impact in case of an exploit because any code execution would also run with elevated privileges, resulting in complete system compromise.
 
Vendor Announcements

HP has released a bulletin c01997760 and c03005726 at the following links: HPSBUX02503 SSRT100019 and HPSBMU02703 SSRT100242

IBM has released a security alert at the following link: CVE-2009-3867

Sun has re-released an alert notification at the following link: 270474

Apple has released security advisories at the following links: Java for Mac OS X 10.5 Update 6 and Java for Mac OS X 10.6 Update 1

Red Hat has released security advisories at the following links: RHSA-2009:1560, RHSA-2009:1643, RHSA-2009:1647, RHSA-2009:1694, RHSA-2010:0043, and RHSA-2010:408

VMware has re-released a security advisory at the following link: VMSA-2010-0002.2
 
Impact
An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the system with user privileges. If the user has administrative privileges, this action could result in complete system compromise.
 
Technical Information

This vulnerability exists because the affected software does not sufficiently sanitize user-supplied input when processing file:// URL arguments to the HsbParser.getSoundbank() function.

An unauthenticated, remote attacker could exploit the vulnerability by means of a crafted web page containing a Java applet or Java Web Start application that passes an overly long file:// URL argument to the getSoundbank() function. Convincing a targeted user to visit the web page could result in a stack-based buffer overflow. The attacker could take advantage of the overflow to execute arbitrary code with the privileges of the user.
 
Safeguards

Administrators are advised to apply the appropriate updates.

Users should verify that unsolicited links are safe to follow.

Users are advised not to visit websites or follow links that have suspicious characteristics or cannot be verified as safe.

Users are advised not to open unsolicited e-mail attachments. Users should verify that attachments are safe before opening them.

 
Patches/Software

HP has released updates at the following links:

HP-UX B.11.11
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.23
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP-UX B.11.31
JDK and JRE v6.0.06 or subsequent
JDK and JRE v5.0.19 or subsequent
SDK and JRE v1.4.2.24 or subsequent

HP customers are advised to acquire the updated software via normal HP support channels.

IBM has released updates at the following link: IBM developer kits. JDK 6 SR7 is not yet available.

Sun has released updated software at the following links: JDK and JRE 6 Update 17 and JDK and JRE 5.0 Update 22.  Sun has released patches at the following links:

JDK 6 Update 17 for Solaris is available in the following patches:

SPARC
Java SE 6: update 17 (as delivered in patch 125136-19), which is yet to be released 
Java SE 6: update 17 (as delivered in patch125137-19(64bit))

Intel
Java SE 6_x86: update 17 (as delivered in patch125138-19)
Java SE 6_x86: update 17 (as delivered in patch 125139-19(64bit)), which is yet to be released

JDK 5 Update 22 for Solaris is available in the following patches:

SPARC
J2SE 5.0: update 22 (as delivered in patch 118666-24)
J2SE 5.0: update 22 (as delivered in patch 118667-24 (64bit))

Intel
J2SE 5.0_x86: update 22 (as delivered in patch 118668-24)
J2SE 5.0_x86: update 22 (as delivered in patch 118669-24 (64bit))

Apple has released updated software at the following links:

Java for Mac OS X 10.5 Update 6
Java for Mac OS X 10.6 Update 1

Red Hat packages can be updated using the up2date or yum command.

VMware has released updated software at the following links:

VirtualCenter 2.5
Update 6

ESX 4.0
ESX400-201005402-SG

ESX 3.5
ESX350-201003403-SG

Signatures
 
Cisco Systems Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
25421/0Java HsbParser.getSoundBank Stack OverflowS5052010 Aug 06
 
Alert History
 

Version 12, June 1, 2010, 8:40 AM: VMware has re-released a security advisory and updated software to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 11, May 13, 2010, 11:49 AM: Red Hat has released an additional security advisory and updated packages to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 10, February 9, 2010, 11:06 AM: HP has released a security bulletin and updated software to address the Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 9, February 2, 2010, 8:53 AM: VMware has released a security advisory and updated software to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 8, January 15, 2010, 8:55 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 7, January 4, 2010, 9:03 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 6, December 9, 2009, 8:27 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 5, December 8, 2009, 10:22 AM: Red Hat has released an additional security advisory with updated packages to address the Sun and IBM Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 4, December 7, 2009, 2:17 PM: Sun has re-released an alert notification with updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.  IBM has also released a security alert and updated software to address this vulnerability.

Version 3, December 4, 2009, 10:49 AM: Apple has released security advisories and updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 2, November 9, 2009, 3:42 PM: Red Hat has released a security advisory and updated software to address the Sun Java Runtime Environment HsbParser.getSoundBank remote buffer overflow vulnerability.

Version 1, November 5, 2009, 1:46 PM: Sun Java Runtime Environment contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with user privileges.  Updates are available.

Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
HPHP Java Development Kit (JDK)5.0.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9 | 6.0 .00, .01, .02, .03, .04, .05
HPHP Java Runtime Environment (JRE)1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23 | 5.0.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9 | 6.0 .00, .01, .02, .03, .04, .05
HPHP Java Software Development Kit (SDK)1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23
IBMJava Development Kit (JDK)1.4 .2, .2 SR1, .2 SR10, .2 SR11, .2 SR13, .2 SR2, .2 SR3, .2 SR4, .2 SR5, .2 SR6, .2 SR7, .2 SR8, .2 SR9 | 5.0 Base, SR1, SR10, SR2, SR3, SR4, SR5, SR5a, SR6, SR7, SR8, SR8a, SR9 | 6.0 Base, SR1, SR2, SR3, SR4, SR5, SR6
Sun Microsystems, Inc.Java Development Kit (JDK)5.0.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 2, Update 20, Update 21, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9 | 6.0.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7
Sun Microsystems, Inc.Java Runtime Environment (JRE)1.3.1 Base, _01, _01a, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23, _24, _25, _26 | 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23 | 5.0.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 2, Update 20, Update 21, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9 | 6.0 Base, Update 1, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7
Sun Microsystems, Inc.Java Software Development Kit (SDK)1.3.1 Base, _01, _01a, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23, _24, _25, _26 | 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23

Associated Products:
AppleMac OS X10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Base, Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel | 10.6.1 Intel | 10.6.2 Base
AppleMac OS X Server10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel | 10.6.1 Intel | 10.6.2 Base
HPHP OpenView Network Node Manager (NNM)8.01 Base | 9.0 Base
HPHP-UX11.11/11i Base | 11.23 Base | 11.31 Base
Red Hat, Inc.Red Hat Enterprise Linux Desktop Supplementary5.0 IA-32, x86-64
Red Hat, Inc.Red Hat Enterprise Linux Extras4 IA-32, IA-64, PPC, ppc64, s390, s390x, x86_64 | 4.8.z IA-32, PPC, PPC-64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux for SAPOriginal Release x86
Red Hat, Inc.Red Hat Network Satellite5.3 Base
Red Hat, Inc.RHEL Supplementary5 IA-32, IA-64, PPC, PPC64, S390, S390x, x86_64
Red Hat, Inc.RHEL Supplementary EUS5.4.z IA-32, IA-64, PPC, PPC64, s390, s390x, x86_64
Sun Microsystems, Inc.Solaris10 sparc, x64/x86 | 8 intel, sparc | 9 intel, sparc
VMware, Inc.VirtualCenter2.0.2 Base, Update 1, Update 2, Update 3, Update 4, Update 5 | 2.5 Base, Update 1, Update 2, Update 3 | 4.0 Base
VMware, Inc.vMA4.0 Base
VMware, Inc.VMware ESX Server3.0 .3 | 3.5 Base, Update 1, Update 2, Update 3, Update 4 | 4.0 Base
VMware, Inc.VMware Server2.0 .0, .1, .2



Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment. Cisco is pleased to offer a free trial of the service. To register for full access, please visit the IntelliShield trial registration page.
LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield

Related Links

Solutions

Products & Services


Feedback

Which alert section is most useful?

  • Affected Products/Versions
  • Patches/Software Updates
  • Description
  • Safeguards
  • Technical Information/Analysis

Do you use the CVSS scoring provided in alerts? Why?

What additional information should IntelliShield alerts include?