Sun/Netscape Java Virtual Machine Bytecode Verifier Vulnerability

Release date: 2002-11-21
Updated: 2002-11-28

Affected systems:
Netscape Communicator 4.79
Netscape Communicator 4.78
Netscape Communicator 4.77
Netscape Communicator 4.76
Netscape Communicator 4.75
Netscape Communicator 4.74
Netscape Communicator 4.73
Netscape Communicator 4.72
Netscape Communicator 4.7
Netscape Communicator 4.61
Netscape Communicator 4.6
Netscape Communicator 4.51
Netscape Communicator 4.5
Sun Java 2 Runtime Environment 1.30_05
Sun Java 2 Runtime Environment 1.30_04
Sun Java 2 Runtime Environment 1.30_03
Sun Java 2 Runtime Environment 1.30_02
Sun Java 2 Runtime Environment 1.30_01
Sun Java 2 Runtime Environment 1.3.1_01a
Sun Java 2 Runtime Environment 1.3.1_01
Sun Java 2 Runtime Environment 1.3.1
Sun Java 2 Runtime Environment 1.3.0
Sun Java HotSpot Performance Engine 2.0
Sun Java HotSpot Performance Engine 1.0.1
Sun JDK 1.2
Sun JDK 1.1
Sun JDK (Linux Production Release) 1.2.2_006
Sun JDK (Linux Production Release) 1.2.2_005
Sun JDK (Linux Production Release) 1.1.8_009
Sun JDK (Reference Release) 1.1.8_003
Sun JDK (Reference Release) 1.1.7B_005
Sun JDK (Reference Release) 1.1.6_007
Sun JDK (Solaris Production Release) 1.2.2_06
Sun JDK (Solaris Production Release) 1.2.2_05
Sun JDK (Solaris Production Release) 1.1.8_15
Sun JDK (Solaris Production Release) 1.1.8_14
Sun JDK (Solaris Production Release) 1.1.8_13
Sun JDK (Solaris Production Release) 1.1.8_12
Sun JDK (Solaris Production Release) 1.1.8_10
Sun JDK (Solaris Production Release) 1.1.7B
Sun JDK (Solaris Production Release) 1.1.6
Sun JDK (Windows Production Release) 1.2.2_006
Sun JDK (Windows Production Release) 1.2.2_004
Sun JDK (Windows Production Release) 1.2.1_004
Sun JDK (Windows Production Release) 1.2.1_003
Sun JDK (Windows Production Release) 1.1.8_009
Sun JDK (Windows Production Release) 1.1.8_008
Sun JDK (Windows Production Release) 1.1.8_007
Sun JDK (Windows Production Release) 1.1.8_005
Sun JDK (Windows Production Release) 1.1.8_002
Sun JDK (Windows Production Release) 1.1.7B_007
Sun JDK (Windows Production Release) 1.1.7B_005
Sun JDK (Windows Production Release) 1.1.6_009
Sun JDK (Windows Production Release) 1.1.6_007
Sun JRE 1.2.1_004
Sun JRE 1.1.8_006
Sun JRE 1.1.7B_007
Sun JRE 1.1.6_009
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.3_05
Sun JRE (Linux Production Release) 1.3.1_02
Sun JRE (Linux Production Release) 1.3.1_01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.3.0_02
Sun JRE (Linux Production Release) 1.2.2_011
Sun JRE (Linux Production Release) 1.2.2_010
Sun JRE (Linux Production Release) 1.2.2_007
Sun JRE (Linux Production Release) 1.2.2_005
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Reference Release) 1.2.2_011
Sun JRE (Reference Release) 1.2.2_010
Sun JRE (Reference Release) 1.2.1_003
Sun JRE (Reference Release) 1.1.8_009
Sun JRE (Reference Release) 1.1.8_007
Sun JRE (Reference Release) 1.1.7B_005
Sun JRE (Reference Release) 1.1.6_007
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.3_05
Sun JRE (Solaris Production Release) 1.3.1_02
Sun JRE (Solaris Production Release) 1.3.1_01
Sun JRE (Solaris Production Release) 1.3.0_02
Sun JRE (Solaris Production Release) 1.2.2_11
Sun JRE (Solaris Production Release) 1.2.2_10
Sun JRE (Solaris Production Release) 1.2.2_07
Sun JRE (Solaris Production Release) 1.2.2_05a
Sun JRE (Solaris Production Release) 1.2.1
Sun JRE (Solaris Production Release) 1.2
Sun JRE (Solaris Production Release) 1.1.8_15
Sun JRE (Solaris Production Release) 1.1.8_14
Sun JRE (Solaris Production Release) 1.1.8_13
Sun JRE (Solaris Production Release) 1.1.8_10
Sun JRE (Solaris Production Release) 1.1.7B
Sun JRE (Solaris Production Release) 1.1.6
Sun JRE (Solaris Reference Release) 1.2.2_010
Sun JRE (Solaris Reference Release) 1.2.2_007 and earlier
Sun JRE (Solaris Reference Release) 1.2.1
Sun JRE (Solaris Reference Release) 1.2
Sun JRE (Solaris Reference Release) 1.1.8_008
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.3_05
Sun JRE (Windows Production Release) 1.3.1_02
Sun JRE (Windows Production Release) 1.3.1_01a
Sun JRE (Windows Production Release) 1.3.0_02
Sun JRE (Windows Production Release) 1.2.2_011
Sun JRE (Windows Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.2.2_007
Sun JRE (Windows Production Release) 1.2.1
Sun JRE (Windows Production Release) 1.2
Sun JRE (Windows Production Release) 1.1.8_009
Sun JRE (Windows Production Release) 1.1.8_008
Sun JRE (Windows Production Release) 1.1.8_007
Netscape Communicator 4.0
    - Linux systems
    - Microsoft Windows NT 4.0
    - Microsoft Windows 98
    - Microsoft Windows 95
    - Microsoft Windows 2000
    - Unix systems
Sun Java HotSpot Performance Engine 1.0
    - Microsoft Windows NT 4.0
    - Microsoft Windows 98
    - Microsoft Windows 95
Sun JDK (Solaris Production Release) 1.2.1
    - Sun Solaris 8.0
    - Sun Solaris 7.0
    - Sun Solaris 2.6
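Description:
BUGTRAQ ID: 6224

Several vendors, including Sun and Microsoft, implement a Java virtual machine, which allows code such as Java applets to execute safely inside the virtual machine.

The Sun and Netscape Java virtual machines have a flaw in their bytecode verifier implementation. A remote attacker can exploit it by building a malicious Java applet that reads and writes the file system from within the target user's JVM environment.

The bytecode verifier is a Java compiler component that checks the structural validity of Java instructions. According to the LSD report, crafted bytecode can cause incorrect object initialization; because of the security flaw in the bytecode verifier, an attacker can exploit this to bypass the applet sandbox's security restrictions and gain read/write access to the local system.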

<*Source: LSD (contact@lsd-pl.net)
  
  Link: http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
*>
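
The description attributes the sandbox bypass to incorrect object initialization. As an added illustration (not code from Sun, Netscape, LSD or this advisory), the Python sketch below models the rule a bytecode verifier is expected to enforce: a reference produced by `new` may not be used until its constructor has run. The tuple instruction format and the `invokespecial_init` shorthand are assumptions made for the example, and it does not reproduce the reported flaw.

```python
# Added example: simplified model of the object-initialization rule, straight-line code only.
from collections import namedtuple

Uninit = namedtuple("Uninit", "cls pc")  # result of `new` at index pc, not yet constructed
class VerifyError(Exception): """Raised when bytecode breaks the initialization rule."""

def verify(code, max_locals=4):
    """Return True if every reference is initialized before use, else raise VerifyError."""
    stack, local = [], [None] * max_locals
    def pop(pc):
        if not stack:
            raise VerifyError(f"pc {pc}: operand stack underflow")
        return stack.pop()
    for pc, (op, *args) in enumerate(code):
        if op == "new":
            stack.append(Uninit(args[0], pc))
        elif op == "dup":
            top = pop(pc)
            stack.extend([top, top])
        elif op == "astore":
            local[args[0]] = pop(pc)
        elif op == "aload":
            if local[args[0]] is None:
                raise VerifyError(f"pc {pc}: local {args[0]} is unset")
            stack.append(local[args[0]])
        elif op == "invokespecial_init":  # hypothetical shorthand for invokespecial <init>
            ref = pop(pc)
            if not (isinstance(ref, Uninit) and ref.cls == args[0]):
                raise VerifyError(f"pc {pc}: <init> needs an uninitialized {args[0]}")
            # Every copy of this allocation (stack and locals) becomes initialized.
            stack[:] = [args[0] if v == ref else v for v in stack]
            local[:] = [args[0] if v == ref else v for v in local]
        elif op in ("invokevirtual", "areturn"):
            ref = pop(pc)
            if isinstance(ref, Uninit):
                raise VerifyError(f"pc {pc}: {op} on uninitialized {ref.cls}")
        else:
            raise VerifyError(f"pc {pc}: unknown opcode {op}")
    return True

def rejection(code):
    try:
        return None if verify(code) else "rejected"
    except VerifyError as e:
        return str(e)

# Constructed instruction sequences (not taken from any real class file).
GOOD = [("new", "Widget"), ("dup",), ("invokespecial_init", "Widget"), ("areturn",)]
BAD = [("new", "Widget"), ("dup",), ("astore", 0), ("aload", 0), ("invokevirtual", "Widget", "run")]
```

`rejection(GOOD)` returns `None`, while `rejection(BAD)` reports the instruction index at which a copy of the unconstructed reference, stashed in a local variable, is used.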

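Recommendations:
Workaround:

If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* Disable Java execution on the system.

Vendor patches:

Netscape
--------
The vendor has not yet released a patch or upgrade. Users of this software should watch the vendor's home page for the latest version: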

http://www.netscape.com

Sun
---
The vendor has not yet released a patch or upgrade. Users of this software should watch the vendor's home page for the latest version:

http://sunsolve.sun.com/security

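This security advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.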