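Multiple Vendors' Java Virtual Machine java.util.zip Class Null Value Denial-of-Service Vulnerability
Published: 2003-03-27
Updated: 2003-03-27
Severity: Medium
Threat level: Remote denial of service
Error type: Failure to handle exceptional conditions
Exploitation mode: Server mode
BUGTRAQ ID: 7109

Affected systems:
Sun JRE (Linux Production Release) 1.3.1 _07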
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _03
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.4 .0_03
Sun JRE (Linux Production Release) 1.4 .0_02
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.4.1 _01
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _03
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.4 .0_03
Sun JRE (Solaris Production Release) 1.4 .0_02
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.4.1 _01
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _03
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.4 .0_03
Sun JRE (Windows Production Release) 1.4 .0_02
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.4.1 _01
Sun JRE (Windows Production Release) 1.4.1
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.4 .0_03
Sun SDK (Linux Production Release) 1.4 .0_02
Sun SDK (Linux Production Release) 1.4
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.4 .0_03
Sun SDK (Solaris Production Release) 1.4 .0_02
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.4 .0_03
Sun SDK (Windows Production Release) 1.4 .0_02
Sun SDK (Windows Production Release) 1.4
Sun SDK (Windows Production Release) 1.4.1 _01
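Sun SDK (Windows Production Release) 1.4.1

Detailed description:
The Java Virtual Machine implementations of several vendors contain a denial-of-service vulnerability in several methods of the java.util.zip classes. These methods can be called with certain parameters, but the code does not check whether a parameter is null. When one of these methods is called with a null argument, the Java Virtual Machine enters an undefined state with unpredictable consequences, most likely a crash.

Solution:
The vendor has fixed this vulnerability in newer versions of the software: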
http://java.sun.com/j2se/1.4/

Related information:
Marc Schoenefeld <schonef@uni-muenster.de>
Denial-Of-Service holes in JDK 1.4.1_01
http://online.securityfocus.com/archive/1/315146