Sun Java Virtual Machine Infinite Loop in decodeArrayLoop() Lets Remote Users Deny Service

SecurityTracker Alert ID: 1010091
SecurityTracker URL: http://securitytracker.com/id?1010091
CVE Reference: CAN-2004-0651
Updated: Jul 14 2004
Original Entry Date: May 7 2004
Impact: Denial of service via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 1.4.2 - 1.4.2_03

Description: A vulnerability was reported in the Java Virtual Machine (JVM) of Sun's Java Runtime Environment. A remote user can cause denial of service conditions on the target system.
Sun reported that a remote user can cause the JVM to enter an infinite loop and become unresponsive. The flaw reportedly resides in the decodeArrayLoop() function in ISO2022_JP$Decoder.
Releases prior to 1.4.2 are not affected, the report said.

Impact: A remote user can cause the JVM to become unresponsive.

Solution: Sun has issued the following fixes, available at:
http://java.sun.com/j2se/
Windows Production Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases
Solaris Operating Environment Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases
Linux Production Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases

Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555
Cause: State error
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Fri, 07 May 2004 08:26:07 -0400
Subject: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555

http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57555
57555 Java Runtime Environment Remote Denial of Service (DoS) Vulnerability 6 May 2004
Sun reported that a remote user can exploit a vulnerability in the Java Runtime
Environment and cause the Java Virtual Machine to become unresponsive.
The following versions are affected:
Windows Production Releases
* SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
Solaris Operating Environment Releases
* SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
Linux Production Releases
* SDK and JRE 1.4.2_03 or earlier 1.4.2 releases
Releases prior to 1.4.2 are not affected, the report said.
Sun has issued the following fixes:
Windows Production Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases
Solaris Operating Environment Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases
Linux Production Releases
* SDK and JRE 1.4.2_04 or later 1.4.2 releases
SDK and JRE releases are available at: http://java.sun.com/j2se/
-----
* Sun Alert ID: 57555
* Synopsis: Java Runtime Environment Remote Denial of Service (DoS) Vulnerability
* Category: Security
* Product: Java JRE/SDK
* BugIDs: 4879522
* Avoidance: Upgrade
* State: Resolved
* Date Released: 06-May-2004
* Date Closed: 06-May-2004
* Date Modified:
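
An added example, not part of the SecurityTracker entry or Sun's alert: a Python check that classifies `java -version` banner lines against the version ranges stated above, for use in a patch inventory. The host names and banner strings are constructed samples; the function names and the "not-covered" label for release families the advisory does not mention are assumptions of this example.

```python
import re

# Legacy Sun version strings: 1.4.2, 1.4.2_03, 1.4.2_03-b02 (build suffix ignored).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, update) found in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro), int(update or 0))


def classify(text):
    """Classify a JRE/SDK version against the ranges in Sun Alert 57555."""
    v = parse_version(text)
    if v is None:
        return "unparsed"
    family, update = v[:3], v[3]
    if family < (1, 4, 2):
        return "not-affected"  # releases prior to 1.4.2 are not affected
    if family == (1, 4, 2):
        # 1.4.2 through 1.4.2_03 are affected; 1.4.2_04 and later are fixed
        return "affected" if update <= 3 else "fixed"
    return "not-covered"  # assumption: the alert gives no status for later families


def audit(inventory):
    """Map host -> classification for a dict of host -> version banner."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory; hosts and banners are hypothetical.
SAMPLE = {
    "app01": 'java version "1.4.2_03"',
    "app02": 'java version "1.4.2_04"',
    "app03": 'java version "1.4.1_07"',
    "app04": 'java version "1.4.2"',
    "app05": "no java found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "affected" need the 1.4.2_04 or later 1.4.2 release; "unparsed" and "not-covered" entries need manual review rather than being treated as safe.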