Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SUN_JAVA_JRE_102760.NASL
HistoryJan 17, 2007 - 12:00 a.m.

Sun Java JRE GIF Image Handling Buffer Overflow (102760)

2007-01-1700:00:00
This script is Copyright (C) 2007-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

According to its version number, the Sun JRE running on the remote host has a buffer overflow issue that can be triggered when parsing a GIF image with the image width in an image block set to 0. If an attacker can trick a user on the affected system into processing a specially crafted image file, say by visiting a malicious website, he may be able to leverage this flaw to execute arbitrary code on the affected system subject to the user’s privileges.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24022);
  script_version("1.35");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id("CVE-2007-0243");
  script_bugtraq_id(22085);

  script_name(english:"Sun Java JRE GIF Image Handling Buffer Overflow (102760)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has a version of Sun's Java Runtime
Environment that is affected by a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the Sun JRE running on the remote
host has a buffer overflow issue that can be triggered when parsing a
GIF image with the image width in an image block set to 0.  If an
attacker can trick a user on the affected system into processing a
specially crafted image file, say by visiting a malicious website, he
may be able to leverage this flaw to execute arbitrary code on the
affected system subject to the user's privileges.");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-07-005/");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2007/Jan/326");
  # http://web.archive.org/web/20080611150434/http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10693d33");
  script_set_attribute(attribute:"solution", value:
"Update to Sun Java 2 JDK and JRE 5.0 Update 10 / SDK and JRE 1.4.2_13
/ SDK and JRE 1.3.1_19 or later and if necessary, remove any affected
versions.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_cwe_id(119);

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/01/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:jre");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sun_java_jre_installed.nasl");
  script_require_keys("SMB/Java/JRE/Installed");

  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");


# Check each installed JRE.
installs = get_kb_list("SMB/Java/JRE/*");
if (isnull(installs)) exit(1, "The 'SMB/Java/JRE/' KB item is missing.");

info = "";
vuln = 0;
installed_versions = "";

foreach install (list_uniq(keys(installs)))
{
  ver = install - "SMB/Java/JRE/";
  if (ver =~ "^[0-9.]+")
    installed_versions = installed_versions + " & " + ver;
  if (
    ver =~ "^1\.5\.0_0[0-9][^0-9]?" ||
    ver =~ "^1\.4\.([01]_|2_(0[0-9]|1[0-2][^0-9]?))" ||
    ver =~ "^1\.3\.(0_|1_(0[0-9]|1[0-8][^0-9]?))"
  )
  {
    dirs = make_list(get_kb_list(install));
    vuln += max_index(dirs);

    foreach dir (dirs)
      info += '\n  Path              : ' + dir;

    info += '\n  Installed version : ' + ver;
    info += '\n  Fixed version     : 1.5.0_10 / 1.4.2_13\n';
  }
}


# Report if any were found to be vulnerable.
if (info)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    if (vuln > 1) s = "s of Java are";
    else s = " of Java is";

    report =
      '\n' +
      'The following vulnerable instance'+s+' installed on the\n' +
      'remote host :\n' +
      info;
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else
{
  installed_versions = substr(installed_versions, 3);
  if (" & " >< installed_versions)
    exit(0, "The Java "+installed_versions+" installs on the remote host are not affected.");
  else
    exit(0, "The Java "+installed_versions+" install on the remote host is not affected.");
}
VendorProductVersionCPE
oraclejrecpe:/a:oracle:jre

Related

checkpoint_advisories 3
openvas 11
nessus 15
prion 2
redhat 6
zdi 1
gentoo 2
cert 1
cve 2
seebug 1
securityvulns 3
suse 1
checkpoint_advisories
checkpoint_advisories
Sun Java GIF File Handling Memory Corruption (CVE-2007-0243)
2009-12-29 00:00:00
Sun Java GIF File Handling Memory Corruption - Improved Performance (CVE-2007-0243)
2013-05-12 00:00:00
Update Protection against Sun Java GIF Image Remote Code Execution Vulnerability
2007-05-13 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200702-07 (java)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200702-07 (java)
2008-09-24 00:00:00
HP-UX Update for HP-UX Pkg HPSBUX02196
2009-05-05 00:00:00
nessus
nessus
GLSA-200702-07 : Sun JDK/JRE: Execution of arbitrary code
2007-02-18 00:00:00
Sun Java JRE GIF Image Handling Buffer Overflow (102760) (Unix)
2013-02-22 00:00:00
RHEL 3 / 4 / 5 : java-1.4.2-ibm (RHSA-2007:0166)
2009-08-24 00:00:00
prion
prion
Buffer overflow
2007-01-17 22:28:00
Design/Logic Flaw
2007-01-17 00:28:00
redhat
redhat
(RHSA-2007:0167) Critical: java-1.5.0-ibm security update
2007-04-25 00:00:00
(RHSA-2007:0166) Critical: java-1.4.2-ibm security update
2007-04-25 00:00:00
(RHSA-2007:0072) Critical: IBMJava2 security update
2007-02-08 00:00:00
zdi
zdi
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
2007-01-16 00:00:00
gentoo
gentoo
Sun JDK/JRE: Execution of arbitrary code
2007-02-17 00:00:00
AMD64 x86 emulation Sun's J2SE Development Kit: Multiple vulnerabilities
2007-02-17 00:00:00
cert
cert
Sun Microsystems Java GIF image processing buffer overflow
2007-01-17 00:00:00
cve
cve
CVE-2007-0243
2007-01-17 22:28:00
CVE-2007-0234
2007-01-17 00:28:00
seebug
seebug
Sun JavaθΏθ‘Œζ—ΆηŽ―ε’ƒGIFε›Ύε½’ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2007-01-17 00:00:00
securityvulns
securityvulns
ZDI-07-005: Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
2007-01-18 00:00:00
Sun Java memory corruption
2007-01-23 00:00:00
US-CERT Technical Cyber Security Alert TA07-022A
2007-01-23 00:00:00
suse
suse
remote code execution in IBM Java, Sun Java
2007-07-18 17:38:23
JSON
Related for SUN_JAVA_JRE_102760.NASL
checkpoint_advisories3openvas11nessus15prion2redhat6zdi1gentoo2cert1cve2seebug1securityvulns3suse1