Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Vulnerability Alert

Multiple Vendor Java Products RMIConnectionImpl Object Arbitrary Code Execution Vulnerability

 
Threat Type:CWE-94: Code Injection
IntelliShield ID:20277
Version:7
First Published:2010 April 07 13:47 GMT
Last Published:2010 July 13 12:55 GMT
Port: Not available
CVE:CVE-2010-0082 , CVE-2010-0084 , CVE-2010-0085 , CVE-2010-0087 , CVE-2010-0088 , CVE-2010-0089 , CVE-2010-0090 , CVE-2010-0091 , CVE-2010-0092 , CVE-2010-0093 , CVE-2010-0094 , CVE-2010-0095 , CVE-2010-0837 , CVE-2010-0838 , CVE-2010-0839 , CVE-2010-0840 , CVE-2010-0841 , CVE-2010-0842 , CVE-2010-0843 , CVE-2010-0844 , CVE-2010-0845 , CVE-2010-0846 , CVE-2010-0847 , CVE-2010-0848 , CVE-2010-0849 , CVE-2010-0850
BugTraq ID:39075
Urgency:Unlikely Use
Credibility:Confirmed
Severity:Moderate Damage
CVSS Base:9.3 CVSS Calculator
CVSS Version 2.0
CVSS Temporal:6.9
 
Version Summary:

HP has released an additional security bulletin and updated software to address the Java products RMIConnectionImpl object arbitrary code execution vulnerability.

 
 
Description

HP, IBM, and Oracle Java contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code.

The vulnerability exists because the affected software does not sufficiently manage privileges while reconstructing certain objects.  An unauthenticated, remote attacker could exploit this vulnerability by convincing a user to view a website that contains a malicious Java applet.  A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user.

HP, IBM, and Oracle have confirmed this vulnerability and released updated software.

 
Warning Indicators

The following Java products are vulnerable:

  • Oracle JDK and JRE 6 Update 18 and prior
  • Oracle JDK 5.0 Update 23 and prior
  • HP JDK and JRE 6.0.06 and prior
  • HP JDK and JRE 5.0.19 and prior
  • HP SDK and RTE 1.4.2.24 and prior
  • IBM JDK 6 SR7 and prior
  • IBM JDK 5 SR11 and prior
 
IntelliShield Analysis

To exploit this vulnerability, an attacker would need to convince the user to open a Java applet that contains malicious instructions.? The attacker would most likely need to employ social engineering techniques and send links to the user in e-mail messages, instant messaging, or other forms of communication.

 
Vendor Announcements

HP has released a security bulletin c02122104 at the following link: HPSBUX02524 SSRT100089HP has released an additional security bulletin, c02273751, for registered users at the following link: HPSBMA02547 SSRT100179

IBM has released a security alert at the following link: CVE-2010-0094

Oracle has released a security alert at the following link: Critical Patch Update March 2010

Apple has released security updates at the following links: Java for Mac OS X 10.6 Update 2 and Java for Mac OS X 10.5 Update 7

Red Hat has released security advisories at the following links: RHSA-2010-0337, RHSA-2010-0338, RHSA-2010-0339, RHSA-2010:0383, and RHSA-2010-0471

 
Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the targeted system with the privileges of the user.? If the user holds?administrative privileges, a complete system compromise is possible.

 
Technical Information

The vulnerability is due to an incorrect reconstruction of RMIConnectionImpl objects.? The affected software incorrectly manages privileges during the reconstruction of the objects.? An unauthenticated, remote attacker could exploit this vulnerability by inserting privileged code into the ClassLoader of a Java constructor.? When later accessed in an applet, the code could execute in a privileged context.? A successful exploit could allow the attacker to escape Java sandbox protections and access system Java functions.? The attacker could use the vulnerability to execute arbitrary code on the targeted system with the privileges of the targeted user.

 
Safeguards

Administrators are advised to apply the appropriate updates.

Administrators are advised to use an unprivileged account for routine activities.

Administrators are advised to monitor affected systems.

Users should verify that unsolicited links are safe to follow.

Users are advised not to open unsolicited e-mail attachments.? Users should verify that attachments are safe before opening them.

 
Patches/Software

HP has released updated software at the following links:

HP-UX B.11.31
JDK and JRE v6.0.07 or subsequent
JDK and JRE v5.0.20 or subsequent
SDK and JRE v1.4.2.25 or subsequent

HP-UX B.11.23
JDK and JRE v6.0.07 or subsequent
JDK and JRE v5.0.20 or subsequent
SDK and JRE v1.4.2.25 or subsequent

HP-UX B.11.11
JDK and JRE v6.0.07 or subsequent
JDK and JRE v5.0.20 or subsequent
SDK and JRE v1.4.2.25 or subsequent

HP Systems Insight Manager (SIM)
v6.1 or subsequent (for HP-UX, Linux, and Windows)

IBM has released updates at the following link: IBM Developer Kits

Oracle has released patches for registered users at the following link: Oracle

Apple has released updated software at the following links:

Java for Mac OS X 10.6 Update 2
Java for Mac OS X 10.5 Update 7

CentOS packages can be updated using the up2date or yum command.

Red Hat packages can be updated using the up2date or yum command.

 
Alert History
 

Version 6, June 15, 2010, 1:21 PM: IBM has released a security alert and updated software to address the Java products RMIConnectionImpl object arbitrary code execution vulnerability.  Red Hat has also released an additional security advisory and updated packages to address the vulnerability.

Version 5, June 14, 2010, 9:38 AM: CentOS has released updated packages to address the Java products RMIConnectionImpl object arbitrary code execution vulnerability.

Version 4, June 3, 2010, 12:02 PM: HP has released a security bulletin and updated software to address the Java products RMIConnectionImpl object arbitrary code execution vulnerability.

Version 3, May 19, 2010, 10:01 AM: Apple has released security updates and updated software to address the Oracle Java RMIConnectionImpl object arbitrary code execution vulnerability.

Version 2, April 30, 2010, 8:13 AM: Red Hat has released an additional security advisory and updated packages to address the Oracle Java RMIConnectionImpl object arbitrary code execution vulnerability.

Version 1, April 7, 2010, 9:47 AM: Oracle Java SE and Java for Business contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.  Updates are available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
HPHP Java Development Kit (JDK) 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19 | 6.0 .00, .01, .02, .03, .04, .05, .06
HPHP Java Runtime Environment (JRE) 1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23, .24 | 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19 | 6.0 .00, .01, .02, .03, .04, .05, .06
HPHP Java Software Development Kit (SDK) 1.4.2 .00, .01, .02, .03, .04, .05, .06, .07, .08, .09, .10, .11, .12, .13, .14, .15, .16, .17, .18, .19, .20, .21, .22, .23, .24
IBMJava Development Kit (JDK) 5.0 Base, SR1, SR2, SR3, SR4, SR5, SR5a, SR6, SR7, SR8, SR8a, SR9, SR10, SR11 | 6.0 Base, SR1, SR2, SR3, SR4, SR5, SR6, SR7
Sun Microsystems, Inc.Java Development Kit (JDK) 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 20, Update 21, Update 22, Update 23 | 6.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19
Sun Microsystems, Inc.Java Runtime Environment (JRE) 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23 | 5.0.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 8, Update 9, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19, Update 20, Update 21, Update 22, Update 23 | 6.0 Base, Update 1, Update 2, Update 3, Update 4, Update 5, Update 6, Update 7, Update 10, Update 11, Update 12, Update 13, Update 14, Update 15, Update 16, Update 17, Update 18, Update 19
Sun Microsystems, Inc.Java Software Development Kit (SDK) 1.4.2 Base, _01, _02, _03, _04, _05, _06, _07, _08, _09, _10, _11, _12, _13, _14, _15, _16, _17, _18, _19, _20, _21, _22, _23

Associated Products:
AppleMac OS X 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Base, Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel, PPC | 10.6.1 Intel, PPC | 10.6.2 Base | 10.6.3 Base
AppleMac OS X Server 10.5 Intel, PPC | 10.5.1 Intel, PPC | 10.5.2 Intel, PPC | 10.5.3 Intel, PPC | 10.5.4 Intel, PPC | 10.5.5 Intel, PPC | 10.5.6 Intel, PPC | 10.5.7 Intel, PPC | 10.5.8 Intel, PPC | 10.6 Intel, PPC | 10.6.1 Intel, PPC | 10.6.2 Base | 10.6.3 Base
CentOS ProjectCentOS 5 .0 i386, .0 x86_64, .1 i386, .1 x86_64, .2 i386, .2 x86_64, .3 i386, .3 x86_64
HPHP Systems Insight Manager (SIM) 4.2 Base, SP1, SP2 | 5.0 Base, SP1, SP2, SP3, SP4, SP5 | 5.1 Base | 5.2 Base, Update 1, Update 2 | 5.3 Base, Update 1 | 6.0 Base
HPHP-UX 11.11/11i Base | 11.23 Base | 11.31 Base
IBMJava Development Kit (JDK) 1.4 Base, .1, .2, .2 SR1, .2 SR2, .2 SR3, .2 SR4, .2 SR5, .2 SR6, .2 SR7, .2 SR8, .2 SR9, .2 SR10, .2 SR11, .2 SR12, .2 SR13, .2 SR13-FP1, .2 SR13-FP2, .2 SR13-FP3, .2 SR13-FP4
Red Hat, Inc.Red Hat Enterprise Linux 5 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Desktop 5 IA-32, x86_64
Red Hat, Inc.Red Hat Enterprise Linux Desktop Supplementary 5.0 IA-32, x86-64
Red Hat, Inc.Red Hat Enterprise Linux Extras 3 IA-32, IA-64, PPC, s390, s390x, x86_64 | 4 IA-32, IA-64, x86_64, PPC, s390, s390x, ppc64 | 4.7.z IA-32, x86_64 | 4.8.z IA-32, IA-64, PPC, PPC-64, s390, s390x, x86_64
Red Hat, Inc.Red Hat Enterprise Linux for SAP Original Release x86_64
Red Hat, Inc.Red Hat Network Satellite 5.3 IA-32
Red Hat, Inc.RHEL Supplementary 5 IA-32, IA-64, PPC, PPC64, S390, S390x, x86_64
Red Hat, Inc.RHEL Supplementary EUS 5.3.z IA-32, x86_64 | 5.4.z IA-32, IA-64, PPC, PPC64, s390, s390x, x86_64 | 5.2.z IA-32, x86_64
Sun Microsystems, Inc.Java Development Kit (JDK) 5.0.0




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield