Vendor Status Note JVNCIAC-S-327

IBM Java2 JRE および SDK に複数の脆弱性

概要

IBM Java2 JRE および SDK には、複数の脆弱性があります。

想定される影響

遠隔の第三者が権限を昇格したり、任意のコードを実行したりする可能性があります。

ベンダ情報

ベンダリンク更新日
Red HatRed Hat Security Advisory RHSA-2008:0133
Moderate: IBMJava2 security update
サンマイクロシステムズSun Alert Notification 200856
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code May Allow a Untrusted Applet to Elevate Privileges
Sun Alert Notification 201551
A Security Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
参考情報

  1. ISS X-Force Database: sun-java-image-bo(34652)
    Sun Java Runtime Environment (JRE) image parsing buffer overflow
  2. ISS X-Force Database: sun-java-virtual-machine-dos(34654)
    Sun Java Runtime Environment (JRE) Java Virtual Machine denial of service
  3. ISS X-Force Database: sun-java-class-unauthorized-access(35491)
    Sun Java Runtime Environment (JRE) Applet Class Loader unauthorized access
  4. ISS X-Force Database: rhel-rhsa-2007-0817-update(38071)
    RHSA-2007-0817 update not installed
  5. ISS X-Force Database: rhel-rhsa-2007-0829-update(38072)
    RHSA-2007-0829 update not installed
  6. ISS X-Force Database: rhel-rhsa-2007-1086-update(39057)
    RHSA-2007-1086 update not installed

JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2008-2501 ( 2008-07-02 )
CIAC BulletinS-327 IBMJava2 Security Update ( 2008-06-26 )
CVE2007-3004 [CVE+] XF39057,XF38072,XF34652,XF38071
2007-3005 [CVE+] XF39057,XF34654,XF38072,XF38071
2007-3922 [CVE+] XF35491,XF38072
PGP署名JVNCIAC-S-327.html.sig

登録日12:49 2008/07/21
更新日12:49 2008/07/21

Copyright(C) 2002-2009 Keio Univ. All rights reserved.