VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed: standardized data distribution of information for vulnerability threat analysis



 
Vulnerability information under analysis (revision number: 1)
VRDA-090904-001     ( CVE-2009-2475 | CVE-2009-2476 | CVE-2009-2670 | CVE-2009-2690 | CVE-2009-0217 | CVE-2009-2671 | CVE-2009-2672 | CVE-2009-2673 | CVE-2009-2674 | CVE-2009-2689 | CVE-2009-2675 | CVE-2009-2625 | CVE-2009-2722 | CVE-2009-2723 | CVE-2009-2205 )
About the security content of Java for Mac OS X 10.5 Update 5
http://support.apple.com/kb/HT3851

This document describes the security content of Java for Mac OS X 10.5 Update 5.




About this information
Analysis provided by: JPCERT/CC
First published: 2009-09-04
Classification of the vulnerability information under analysis: Advisory / alert
Last updated: 2009-09-04




Identifiers of products affected by the vulnerability
cpe:/a:apple:mac_os_x     (Apple Mac OS X AppleTalk)
lapt:/a:apple:java     (Apple Java for Mac OS X)
 


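Vulnerability analysis
[Reliability of the information used for the analysis]
(no label)
(no label)
X (no label)

[Impact]
(no label)
Small to medium
Medium to large
X (no label)

[Attack route]
Physical access
On the local machine
On the same segment
X Via the Internet

[Authentication level]
Administrator account
Regular user account
Free account
X Not required

[User involvement required for a successful attack]
Complex
X Simple
Not required

[Attack difficulty]
(no label)
Medium to high
Low to medium
(no label)

[Availability of countermeasures]
X Official patch available
Official workaround available
Unofficial workaround or patch available
None

[Incident activity]
X No activity
Exploit/PoC available
Activity observed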

Related information
Common Vulnerabilities and Exposures (CVE) CVE-2009-2475
Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, might allow context-dependent attackers to obtain sensitive information via vectors involving static variables that are declared without the final keyword, related to (1) LayoutQueue, (2) Cursor.predefined, (3) AccessibleResourceBundle.getContents, (4) ImageReaderSpi.STANDARD_INPUT_TYPE, (5) ImageWriterSpi.STANDARD_OUTPUT_TYPE, (6) the imageio plugins, (7) DnsContext.debug, (8) RmfFileReader/StandardMidiFileWriter.types, (9) AbstractSaslImpl.logger, (10) Synth.Region.uiToRegionMap/lowerCaseNameMap, (11) the Introspector class and a cache of BeanInfo, and (12) JAX-WS, a different vulnerability than CVE-2009-2673.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2476
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2670
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2690
The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application.




Common Vulnerabilities and Exposures (CVE) CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2671
The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2672
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to browser cookies by untrusted (1) applets and (2) Java Web Start applications, which allows remote attackers to hijack web sessions via unspecified vectors.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2673
The proxy mechanism implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unspecified vectors, related to a declaration that lacks the final keyword.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2674
Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2689
JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, grants full privileges to instances of unspecified object types, which allows context-dependent attackers to bypass intended access restrictions via an untrusted (1) applet or (2) application.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2675
Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a Pack200-compressed JAR file, which leads to a heap-based buffer overflow during decompression.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2625
Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2722
Multiple unspecified vulnerabilities in the Provider class in Sun Java SE 5.0 before Update 20 have unknown impact and attack vectors, aka BugId 6429594. NOTE: this issue exists because of an incorrect fix for BugId 6406003.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2723
Unspecified vulnerability in deserialization in the Provider class in Sun Java SE 5.0 before Update 20 has unknown impact and attack vectors, aka BugId 6444262.




Common Vulnerabilities and Exposures (CVE) CVE-2009-2205








References

Copyright © 2009 JPCERT/CC All Rights Reserved.