59711 : Sun Java JDK / JRE HsbParser.getSoundBank Function file:// URI Parsing Overflow
Printer | http://osvdb.org/59711 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
22	1814	over 3 years ago	10 months ago	17 times	55%

This Entry needs help! It is only 55% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Timeline

Disclosure Date
2009-11-03

Description

<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3867" target="_blank">CVE</a>)</em> : Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle (formerly Sun Microsystems) has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1023132
CVE ID: 2009-3867 (see also: NVD) 2010-0079 (see also: NVD)
Bugtraq ID: 36881
Secunia Advisory ID: 37231 37239 37305 37386 37581 37597 37646 37941 37945 38023 38049 38059 38142 38384 38438 38490 45985 49966
Related OSVDB ID: 59705 59707 59708 59709 59710 59712 59713 59714 59715 59716 59717 59718
Metasploit ID: 59711
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0474.html
http://attrition.org/pipermail/vim/2010-January/002315.html
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03005726
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03405642
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00001.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1
http://support.apple.com/kb/HT3969
http://support.apple.com/kb/HT3970
http://www.gentoo.org/security/en/glsa/glsa-200911-02.xml
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/jre_hsbparser_getsoundbank
Vendor Specific News/Changelog Entry: http://java.sun.com/javase/6/webnotes/6u17.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00004.html
http://lists.vmware.com/pipermail/security-announce/2010/000078.html
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01997760
Vendor Specific Solution URL: http://support.apple.com/kb/DL971
http://support.apple.com/kb/DL972
Other Advisory URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://www.vupen.com/english/advisories/2009/3131
http://zerodayinitiative.com/advisories/ZDI-09-076/
News Article: http://www.theregister.co.uk/2009/12/04/mac_windows_java_attack/
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2009-1560.html
https://rhn.redhat.com/errata/RHSA-2009-1643.html
https://rhn.redhat.com/errata/RHSA-2009-1647.html
https://rhn.redhat.com/errata/RHSA-2010-0043.html

Tools & Filters

	42373
	sun_java_hsbparser_linux

Credit

Anonymous - Zero Day Initiative (ZDI)

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2010-01-13 | Disagree? | There are 1 more: View All

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.