Multiple vulnerabilities in Sun Java Runtime Environment
http://jvn.jp/tr/TRTA07-022A
JVNRSS based Status Tracking Notes: Sun has released an update for the Java Runtime Environment. Information on attack methods has already been published.
JVNRSS Feasibility Study Team jvn@jvn.jp TRTA07-022A 2007-01-26T06:55+09:00 2007-01-24T15:47+09:00 2007-01-26T06:55+09:00
Sun Updates for Multiple Vulnerabilities in Java
http://www.us-cert.gov/cas/techalerts/TA07-022A.html
Technical Cyber Security Alert received via the US-CERT mailing list
US-CERT TA07-022A 2007-01-22T14:34-05:00 2007-01-22T14:34-05:00 2007-01-22T14:34-05:00
Sun Java RunTime Environment GIF Images Buffer Overflow Vulnerability
http://www.securityfocus.com/bid
Buffer overrun vulnerability in Java GIF file processing (CVE-2007-0243): report on proof-of-concept code
#Cid: JvmGifVulPoc.java
#Tested: Sun JRE 1.5
Bugtraq http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 2007-01-21 2007-01-21 2007-01-21
Exploit Code Available for Multiple Vulnerabilities in Sun Java Runtime Environment
http://www.us-cert.gov/current/archive/2007/01/10/archive.html#sunjpriv
Existence of proof-of-concept code reported as US-CERT Current Activity
US-CERT http://www.kb.cert.org/vuls/id/149457 http://www.kb.cert.org/vuls/id/939609 http://www.kb.cert.org/vuls/id/102289 2007-01-10 2007-01-10 2007-01-10
Sun JDK sandbox escape via native code vulnerabilities
http://scary.beasts.org/security/CESA-2005-008.txt
Report on the vulnerability (CVE-2006-6731) published
CESA-2005-008 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731 2006-12-19T22:03+00:00 2006-12-19T22:03+00:00 2006-12-19T22:03+00:00
Security Vulnerabilities in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges and Execute Arbitrary Code
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
Sun Microsystems 102729 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731 http://www.kb.cert.org/vuls/id/149457 http://www.kb.cert.org/vuls/id/939609 2006-12-19T00:00-07:00 2006-12-19T00:00-07:00 2006-12-19T00:00-07:00
Security Vulnerabilities Related to Serialization in the Java Runtime Environment may Allow Untrusted Applets to Elevate Privileges
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
Sun Microsystems 102731 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745 http://www.kb.cert.org/vuls/id/102289 2006-12-19T00:00-07:00 2006-12-19T00:00-07:00 2006-12-19T00:00-07:00
Sun Microsystems Java GIF File Parsing Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-005.html
Vulnerability caused by GIF file processing (CVE-2007-0243)
Vulnerability reported to the vendor
Zero Day Initiative (ZDI) ZDI-07-005 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243 2006-06-16 2006-06-16 2006-06-16