CVE-2002-0076
CVSS7.5
发布时间 :2002-03-19 00:00:00
修订时间 :2008-09-05 16:27:06
NMCO    

[原文]Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.


[CNNVD]多个厂商的Java虚拟机字节地址校验漏洞(CNNVD-200203-044)

        
        Java虚拟机的实现存在漏洞,允许Java小程序突破安全机制限制。
        这个漏洞是由于数据生成错误引起的。一个在字节地址级别构造的Java小程序可能会产生非法的生成操作,Java小程序的操作因此会跳出安全机制的限制,从而以运行虚拟机用户(可能是浏览器)的权限不受限制的执行系统级别的代码。
        <*链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
         http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
        *>

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:sun:jre:1.3.0:update5Sun J2RE 1.3.0_05
cpe:/a:sun:jdk:1.1.8:update8Sun JDK 1.1.8 _008
cpe:/a:sun:jre:1.1.8:update8Sun JRE 1.1.8 _008
cpe:/a:hp:java_jre-jdk:1.3
cpe:/a:sun:jre:1.3.1:update1aSun JRE 1.3.1_01a
cpe:/a:sun:sdk:1.2.2_10Sun SDK 1.2.2_10
cpe:/a:sun:sdk:1.3.1_01aSun SDK 1.3.1_01a
cpe:/a:sun:jdk:1.1.8:update14Sun JDK 1.1.8 _14
cpe:/a:sun:jre:1.3.1:update1Sun JRE 1.3.1_01
cpe:/a:hp:java_jre-jdk:1.1.8
cpe:/a:microsoft:virtual_machine:3802
cpe:/a:sun:jre:1.2.2:update10Sun JRE 1.2.2_010
cpe:/a:hp:java_jre-jdk:1.2.2
cpe:/a:sun:sdk:1.2.2_010Sun SDK 1.2.2_010
cpe:/a:sun:jre:1.1.8:update14Sun JRE 1.1.8 _14
cpe:/a:sun:sdk:1.3.1_01Sun SDK 1.3.1_01
cpe:/a:sun:sdk:1.3_05Sun SDK 1.3_05

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0076
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0076
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-044
(官方数据源) CNNVD

- 其它链接及资源

http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
(VENDOR_ADVISORY)  MS  MS02-013
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
(VENDOR_ADVISORY)  SUN  00218
http://www.securityfocus.com/bid/4313
(UNKNOWN)  BID  4313
http://www.iss.net/security_center/static/8480.php
(UNKNOWN)  XF  java-vm-verifier-variant(8480)

- 漏洞信息

多个厂商的Java虚拟机字节地址校验漏洞
高危 设计错误
2002-03-19 00:00:00 2005-10-12 00:00:00
远程  
        
        Java虚拟机的实现存在漏洞,允许Java小程序突破安全机制限制。
        这个漏洞是由于数据生成错误引起的。一个在字节地址级别构造的Java小程序可能会产生非法的生成操作,Java小程序的操作因此会跳出安全机制的限制,从而以运行虚拟机用户(可能是浏览器)的权限不受限制的执行系统级别的代码。
        <*链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba
         http://www.microsoft.com/technet/security/bulletin/MS02-013.asp
        *>

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 暂时没有好的临时解决方法。
        厂商补丁:
        HP
        --
        HP已经为此发布了一个安全公告(HPSBUX0203-187)以及相应补丁:
        HPSBUX0203-187:Sec. Vulnerability in JRE Bytecode Verifier
        补丁下载:
        HP Java JRE/JDK for HP-UX 1.1.8:
        HP Upgrade Java JDK/JRE 1.1.8.06
        
        http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html

        Java 1.1.8 for HP-UX到2002-10-9将废弃,建议用户升级到1.3.1版本。
        HP Java JRE/JDK for HP-UX 1.2.2:
        HP Upgrade Java JDK/JRE 1.2.2.12
        
        http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html

        HP Java JRE/JDK for HP-UX 1.3:
        HP Upgrade Java JDK/JRE 1.3.1.02
        
        http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html

        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS02-013)以及相应补丁:
        MS02-013:Java Applet Can Redirect Browser Traffic
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS02-013.asp

        补丁下载:
        Microsoft Upgrade msjavx86
        
        http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe

        Sun
        ---
        Sun已经为此发布了一个安全公告(Sun-00218)以及相应补丁:
        Sun-00218:Bytecode Verifier
        链接:
        http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba

        补丁下载:
        Sun JRE (Solaris Production Release) 1.1.8_14:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JDK (Solaris Production Release) 1.1.8_14:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JRE (Windows Production Release) 1.1.8_008:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JDK (Windows Production Release) 1.1.8_008:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JDK (Solaris Reference Release) 1.1.8_008:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JRE (Solaris Reference Release) 1.1.8_008:
        Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15
        
        http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

        Sun JRE (Solaris Production Release) 1.2.2_10:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun JRE (Solaris Reference Release) 1.2.2_10:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun SDK (Solaris Production Release) 1.2.2_10:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun SDK (Windows Production Release) 1.2.2_10:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun SDK (Solaris Reference Release) 1.2.2_010:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun SDK (Linux Production Release) 1.2.2_010:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun JRE (Windows Production Release) 1.2.2_010:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun JRE (Linux Production Release) 1.2.2_010:
        Sun Patch SDK and JRE 1.2.2_011
        
        http://java.sun.com/j2se/1.2/

        Sun JRE (Windows Production Release) 1.3_05:
        Sun SDK (Solaris Production Release) 1.3_05:
        Sun JRE (Solaris Production Release) 1.3_05:
        Sun SDK (Windows Production Release) 1.3_05:
        Sun JRE (Linux Production Release) 1.3_05:
        Sun SDK (Linux Production Release) 1.3_05:
        Sun JRE (Windows Production Release) 1.3.1_01a:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

        Sun SDK (Windows Production Release) 1.3.1_01a:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

        Sun JRE (Solaris Production Release) 1.3.1_01:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

        Sun SDK (Solaris Production Release) 1.3.1_01:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

        Sun SDK (Linux Production Release) 1.3.1_01:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

        Sun JRE (Linux Production Release) 1.3.1_01:
        Sun Patch SDK and JRE 1.3.1_02
        
        http://java.sun.com/j2se/1.3/

- 漏洞信息

5376
Sun Java JRE Bytecode Verifier Restriction Bypass

- 漏洞描述

- 时间线

2004-04-09 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站