Signature Detail
Short Name |
HTTP:STC:JAVA:GIF-MEMCORRUPT |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Sun Java GIF File Handling Memory Corruption |
Release Date |
2010/09/30 |
Update Number |
1783 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Sun Java GIF File Handling Memory Corruption
This signature detects attempts to exploit a known vulnerability against Sun Java SDK and Java Runtime Environment. A successful attack can lead to arbitrary code execution.
Extended Description
The Java Runtime Environment is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a victim into opening a maliciously crafted Java applet. The attacker can exploit these issues to execute arbitrary code with the privileges of the victim. Failed exploit attempts will likely result in denial-of-service conditions. This issue is being tracked by BugID: 6445518
Affected Products
- Apple Mac OS X 10.4.10
- Apple Mac OS X 10.4.11
- Apple Mac OS X Server 10.4.10
- Apple Mac OS X Server 10.4.11
- Avaya Interactive Response 1.3.0
- Avaya Interactive Response 2.0
- Avaya Predictive Dialer
- BEA Systems JRockit 1.4.2
- BEA Systems JRockit 1.4.2 R4.5
- BEA Systems JRockit 3.1.1
- BEA Systems JRockit 3.1.2
- BEA Systems JRockit 3.1.3
- BEA Systems JRockit 3.1.4
- BEA Systems JRockit 3.1.4 .1
- BEA Systems JRockit 3.1.5
- BEA Systems JRockit 7.0.0
- BEA Systems JRockit 8.0.0
- BEA Systems JRockit 8.1.0
- Gentoo Linux
- HP HP-UX B.11.11
- HP HP-UX B.11.23
- Red Hat Enterprise Linux Extras 3
- Red Hat Enterprise Linux Extras 4
- Red Hat Enterprise Linux Supplementary 5 Server
- Red Hat Network Satellite (for RHEL 3) 4.2
- Red Hat Network Satellite (for RHEL 4) 4.2
- Red Hat Red Hat Network Satellite Server 5.0.0
- Slackware Linux 10.0.0
- Slackware Linux 10.1.0
- Slackware Linux 10.2.0
- Slackware Linux 11.0
- Slackware Linux 12.0
- Slackware Linux 8.1.0
- Slackware Linux 9.0.0
- Slackware Linux 9.1.0
- Sun JRE (Linux Production Release) 1.3.1 01
- Sun JRE (Linux Production Release) 1.3.1 01A
- Sun JRE (Linux Production Release) 1.3.1 04
- Sun JRE (Linux Production Release) 1.3.1 08
- Sun JRE (Linux Production Release) 1.3.1 15
- Sun JRE (Linux Production Release) 1.3.1 16
- Sun JRE (Linux Production Release) 1.3.1 17
- Sun JRE (Linux Production Release) 1.3.1 18
- Sun JRE (Linux Production Release) 1.4.2 01
- Sun JRE (Linux Production Release) 1.4.2 02
- Sun JRE (Linux Production Release) 1.4.2 03
- Sun JRE (Linux Production Release) 1.4.2 04
- Sun JRE (Linux Production Release) 1.4.2 05
- Sun JRE (Linux Production Release) 1.4.2 06
- Sun JRE (Linux Production Release) 1.4.2 07
- Sun JRE (Linux Production Release) 1.4.2 08
- Sun JRE (Linux Production Release) 1.4.2 09
- Sun JRE (Linux Production Release) 1.4.2 10-B03
- Sun JRE (Linux Production Release) 1.4.2 11
- Sun JRE (Linux Production Release) 1.5.0 01
- Sun JRE (Linux Production Release) 1.5.0 02
- Sun JRE (Linux Production Release) 1.5.0 03
- Sun JRE (Linux Production Release) 1.5.0 04
- Sun JRE (Linux Production Release) 1.5.0 05
- Sun JRE (Linux Production Release) 1.5.0 07
- Sun JRE (Linux Production Release) 1.5.0 08
- Sun JRE (Linux Production Release) 1.5.0 09
- Sun SDK (Linux Production Release) 1.4.2 01
- Sun SDK (Linux Production Release) 1.4.2 02
- Sun SDK (Linux Production Release) 1.4.2 03
- Sun SDK (Linux Production Release) 1.4.2 04
- Sun SDK (Linux Production Release) 1.4.2 05
- Sun SDK (Linux Production Release) 1.4.2 06
- Sun SDK (Linux Production Release) 1.4.2 07
- Sun SDK (Linux Production Release) 1.4.2 08
- Sun SDK (Linux Production Release) 1.5.0
- Sun SDK (Linux Production Release) 1.5.0_01
- Sun SDK (Linux Production Release) 1.5.0_02
- Sun SDK (Linux Production Release) 1.5.0_03
- Sun SDK (Linux Production Release) 1.5.0_07
- SuSE Linux 10.0 Ppc
- SuSE Linux 10.0 X86
- SuSE Linux 10.0 X86-64
- SuSE Linux 10.1 Ppc
- SuSE Linux 10.1 X86
- SuSE Linux 10.1 X86-64
- SuSE Linux Desktop 1.0.0
- SuSE Linux Openexchange Server
- SuSE Novell Linux Desktop 9.0.0
- SuSE Novell Linux POS 9
- SuSE Open-Enterprise-Server
- SuSE openSUSE 10.2
- SuSE SUSE Linux Enterprise Desktop 10 SP1
- SuSE SUSE Linux Enterprise SDK 10.SP1
- SuSE SUSE Linux Enterprise Server 10 SP1
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- SuSE UnitedLinux 1.0.0
- Turbolinux Home
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux 10 F...
- Turbolinux FUJI
- Turbolinux Turbolinux Desktop 10.0.0
- Turbolinux Turbolinux Server 10.0.0
- Turbolinux Turbolinux Server 10.0.0 X64
- Turbolinux Turbolinux Server 10.0.0 X86
References
- BugTraq: 22085
- CVE: CVE-2007-0243