多个厂商的Java虚拟机字节地址校验漏洞-一一网

漏洞信息详情

多个厂商的Java虚拟机字节地址校验漏洞

CNNVD编号：CNNVD-200203-044

危害等级：高危
CVE编号：
CVE-2002-0076
漏洞类型：

设计错误
发布时间：

2002-03-19
威胁类型：

远程
更新时间：

2005-10-12
厂商：

sun
漏洞来源：

漏洞简介

Java虚拟机的实现存在漏洞，允许Java小程序突破安全机制限制。
这个漏洞是由于数据生成错误引起的。一个在字节地址级别构造的Java小程序可能会产生非法的生成操作，Java小程序的操作因此会跳出安全机制的限制，从而以运行虚拟机用户(可能是浏览器)的权限不受限制的执行系统级别的代码。
＜*链接：http：//sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll＆doc=secbull/218＆type=0＆nav=sec.sba
http：//www.microsoft.com/technet/security/bulletin/MS02-013.asp
*＞

漏洞公告

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 暂时没有好的临时解决方法。
厂商补丁：
HP
—
HP已经为此发布了一个安全公告(HPSBUX0203-187)以及相应补丁:

HPSBUX0203-187：Sec. Vulnerability in JRE Bytecode Verifier

补丁下载：

HP Java JRE/JDK for HP-UX 1.1.8:

HP Upgrade Java JDK/JRE 1.1.8.06

http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html” target=”_blank”>
http://www.hp.com/products1/unix/java/java1/jdk_jre/downloads/v11806/license_jdk_os11_1-18-06.html

Java 1.1.8 for HP-UX到2002-10-9将废弃，建议用户升级到1.3.1版本。

HP Java JRE/JDK for HP-UX 1.2.2:

HP Upgrade Java JDK/JRE 1.2.2.12

http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html” target=”_blank”>
http://www.hp.com/products1/unix/java/java2/sdkrte/downloads/index.html

HP Java JRE/JDK for HP-UX 1.3:

HP Upgrade Java JDK/JRE 1.3.1.02

http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html” target=”_blank”>
http://www.hp.com/products1/unix/java/java2/sdkrte1_3/downloads/index.html
Microsoft
———
Microsoft已经为此发布了一个安全公告(MS02-013)以及相应补丁:

MS02-013：Java Applet Can Redirect Browser Traffic

链接：http://www.microsoft.com/technet/security/bulletin/MS02-013.asp” target=”_blank”>
http://www.microsoft.com/technet/security/bulletin/MS02-013.asp

补丁下载：

Microsoft Upgrade msjavx86

http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe” target=”_blank”>
http://download.microsoft.com/download/vm/Install/3805/W9XNT4MeXP/EN-US/msjavx86.exe
Sun
—
Sun已经为此发布了一个安全公告(Sun-00218)以及相应补丁:

Sun-00218：Bytecode Verifier

链接：http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218&type=0&nav=sec.sba

补丁下载：

Sun JRE (Solaris Production Release) 1.1.8_14:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Production Release) 1.1.8_14:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Windows Production Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Windows Production Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JDK (Solaris Reference Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Reference Release) 1.1.8_008:

Sun Patch JDK and JRE 1.1.8_009 and 1.1.8_15

http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html” target=”_blank”>
http://java.sun.com/products/jdk/1.1/download-jdk-solaris.html

Sun JRE (Solaris Production Release) 1.2.2_10: