Sun Java Runtime Environment に複数の脆弱性
http://jvn.jp/tr/TRTA07-022A
JVNRSS based Status Tracking Notes: Sun から Java Runtime Environment に関するアップデートが公開されました。なお、すでに攻撃方法に関する情報が公開されています。JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-022A2007-01-26T06:55+09:002007-01-24T15:47+09:002007-01-26T06:55+09:00Sun Updates for Multiple Vulnerabilities in Java
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
US-CERT メーリングリスト経由で Technical Cyber Security Alert 受信
US-CERTTA07-022A2007-01-22T14:34-05:002007-01-22T14:34-05:002007-01-22T14:34-05:00Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
http://www.securityfocus.com/bid
Java の GIF ファイル処理にバッファ オーバーランの脆弱性(CVE-2007-0243) 検証コードに関する報告
#Cid: JvmGifVulPoc.java
#Tested: Sun JRE 1.5
Bugtraqhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-02432007-01-212007-01-212007-01-21Exploit Code Available for Multiple Vulnerabilities in Sun Java Runtime Environment
http://www.us-cert.gov/current/archive/2007/01/10/archive.html#sunjpriv
US-CERT Current Activityとして検証コードの存在を報告
US-CERThttp://www.kb.cert.org/vuls/id/149457http://www.kb.cert.org/vuls/id/939609http://www.kb.cert.org/vuls/id/1022892007-01-102007-01-102007-01-10Sun JDK sandbox escape via native code vulnerabilities
http://scary.beasts.org/security/CESA-2005-008.txt
脆弱性(CVE-2006-6731)に関する報告を公開
CESA-2005-008http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-67312006-12-19T22:03+00:002006-12-19T22:03+00:002006-12-19T22:03+00:00Security Vulnerabilities in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges and Execute Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
Sun Microsystems102729http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731http://www.kb.cert.org/vuls/id/149457http://www.kb.cert.org/vuls/id/9396092006-12-19T00:00-07:002006-12-19T00:00-07:002006-12-19T00:00-07:00Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
Sun Microsystems102731http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745http://www.kb.cert.org/vuls/id/1022892006-12-19T00:00-07:002006-12-19T00:00-07:002006-12-19T00:00-07:00Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
GIF ファイル処理に起因する脆弱性(CVE-2007-0243)
脆弱性をベンダに報告
Zero Day Initiative (ZDI)ZDI-07-005http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-02432006-06-162006-06-162006-06-16