Java Virtual Machine Bytecode Read/Write Verification Vulnerability on Multiple Systems

Published: 2002-03-21
Updated: 2002-03-21
Severity: High
Threat level: Remote administrator privileges
Error type: Design error
Exploitation method: Client mode
BUGTRAQ ID: 4313

Affected systems

HP Java JRE/JDK for HP-UX 1.1.8

Detailed description

Java Virtual Machine implementations contain a vulnerability that can allow a malicious Java applet to bypass the sandbox's verification.

The Java language provides type conversion through the casting operation, which in most cases is used to convert between data types. The security check that the Java Virtual Machine performs on casting operations is flawed, and an attacker can exploit this flaw to execute code outside the sandbox. Depending on the privilege level of the user running the Java Virtual Machine, the attacker can execute arbitrary code with privileges such as SYSTEM.

Test code

None yet

Solution

Patch downloads:

HP Java JRE/JDK for HP-UX 1.1.8:
    HP Upgrade Java JDK/JRE 1.1.8.06
    http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html
    Java 1.1.8 for HP-UX will be obsoleted October 9, 2002. Users and administrators are advised to upgrade to 1.3.1.

HP Java JRE/JDK for HP-UX 1.2.2:
    HP Upgrade Java JDK/JRE 1.2.2.12
    http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html

HP Java JRE/JDK for HP-UX 1.3:
    HP Upgrade Java JDK/JRE 1.3.1.02
    http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html

Microsoft Virtual Machine 3802 Series 0.0:
    Microsoft Upgrade msjavx86
    http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe

Sun JRE (Solaris Production Release) 1.1.8_14:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Production Release) 1.1.8_14:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Windows Production Release) 1.1.8_008:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Windows Production Release) 1.1.8_008:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Reference Release) 1.1.8_008:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Reference Release) 1.1.8_008:
    Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
    http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Production Release) 1.2.2_10:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun JRE (Solaris Reference Release) 1.2.2_10:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Production Release) 1.2.2_10:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun SDK (Windows Production Release) 1.2.2_10:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun SDK (Solaris Reference Release) 1.2.2_010:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun SDK (Linux Production Release) 1.2.2_010:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun JRE (Windows Production Release) 1.2.2_010:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun JRE (Linux Production Release) 1.2.2_010:
    Sun Patch SDK and JRE 1.2.2_011
    http://java.sun.com/j2se/1.2/

Sun JRE (Windows Production Release) 1.3_05:
Sun SDK (Solaris Production Release) 1.3_05:
Sun JRE (Solaris Production Release) 1.3_05:
Sun SDK (Windows Production Release) 1.3_05:
Sun JRE (Linux Production Release) 1.3_05:
Sun SDK (Linux Production Release) 1.3_05:

Sun JRE (Windows Production Release) 1.3.1_01a:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Sun SDK (Windows Production Release) 1.3.1_01a:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Sun JRE (Solaris Production Release) 1.3.1_01:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Sun SDK (Solaris Production Release) 1.3.1_01:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Sun SDK (Linux Production Release) 1.3.1_01:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Sun JRE (Linux Production Release) 1.3.1_01:
    Sun Patch SDK and JRE 1.3.1_02
    http://java.sun.com/j2se/1.3/

Microsoft Windows:
    http://www.microsoft.com/java/vm/dl_vm40.htm

Related information

References:
http://online.securityfocus.com/advisories/3980
http://online.securityfocus.com/advisories/3978
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-013.asp