Sun Java Development Kit (JDK) ICC profile integer overflow (ICC_Profile_Generic_Tag_Overflow)

About this signature or vulnerability

Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Desktops, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS:

This signature detects a specially crafted ICC (International Color Consortium) profile with an excessively large tag designed to overflow vulnerable ICC decoders.


Default risk level

High

Sensors that have this signature

Proventia Network IPS: XPU 32.020, Virtual Server Protection for VMware: XPU 32.020, Proventia Server IPS for Linux technology: 32.020, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia-G 1.1 and earlier: XPU 32.020, Proventia Network IDS: XPU 32.020, IBM Security Host Protection for Desktops: 2730, RealSecure Server Sensor: XPU 32.020, IBM Security Host Protection for Servers (Windows): 2.1.14.2730, Proventia Network MFS: XPU 32.020

Systems affected

Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_08, Sun SDK: 1.3.1_19, Sun SDK: 1.3.1_20, Sun SDK: 1.4.2_03, Sun SDK: 1.4.2_10, Sun JRE: 1.5.0 Update6, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update5, Sun SDK: 1.3.1_01, Sun SDK: 1.3.1_16, Sun SDK: 1.3.1_18, Sun SDK: 1.3.1_01a, Sun SDK: 1.3.0, Sun JRE: 1.3.1 Update18, Sun JRE: 1.3.1 Update16, Sun JRE: 1.3.1 Update15, Sun JRE: 1.3.1 Update1, Sun JRE: 1.3.1 Update19, Sun JRE: 1.3.1 Update1a, Sun JRE: 1.3.1 Update8, Sun JRE: 1.3.1 Update20, Sun JRE: 1.3.1 Update4, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update3, Sun JRE: 1.4.2 Update2, Sun JRE: 1.5.0 Update2, Sun JRE: 1.4.2 Update7, Sun JRE: 1.5.0 Update1, Sun JRE: 1.4.2 Update9, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update6, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update5, Novell OpenSUSE: 10.2, Sun SDK: 1.4.2_04, Sun SDK: 1.4.2_02, Sun SDK: 1.4.2_01, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_06, Sun SDK: 1.3.1_02, Sun SDK: 1.3.1_04, Sun SDK: 1.3.1_05, Sun SDK: 1.3.1_07, Sun SDK: 1.3.1_06, Sun SDK: 1.3.1_08, Sun SDK: 1.3.1_09, Sun SDK: 1.3.1_12, Sun SDK: 1.3.1_11, Sun SDK: 1.3.1_10, Sun JDK: 1.5.0 Update9, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update8, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0, Sun JDK: 1.5.0 Update1, Novell Open Enterprise Server, RedHat Network Satellite Server: 4.2, RedHat RHEL Extras: 4.6.z, Novell SUSE Linux Enterprise Server: 10 SP1, Novell SUSE Linux Enterprise Desktop: 10 SP1, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_14, Sun JRE: 1.5.0 Update10, Sun SDK: 1.4.2_11, Sun JRE: 1.6.0, Sun JDK: 1.6.0, Sun JRE: 1.5.0 Update9, Sun JRE: 1.5.0 Update8, Sun JRE: 1.5.0 Update7, Sun JDK: 1.5.0 Update10, Novell SLE SDK: 10 SP1, RedHat Network Satellite Server: 5.0, RedHat RHEL Supplementary: 5 Server, RedHat 
RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5.1.z EUS, RedHat RHEL Extras: 3, SUSE SuSE Linux: 10.0, Sun JRE: 1.5.0 Update3, Novell SUSE Linux Enterprise Server: 10, Novell SLE SDK: 10, SuSE Linux Enterprise Server: 9, RedHat RHEL Extras: 4, Novell Linux POS: 9, SuSE SuSE Linux Retail Solution: 8, Novell Linux Desktop: 9, Novell Open Enterprise: Server, Sun SDK: 1.4.2, Sun JRE: 1.4.2, Sun JRE: 1.5.0, SuSE SuSE SLES: 9, Gentoo Linux, SuSE Linux Enterprise Server: 8, Novell UnitedLinux: 1.0, SuSE SuSE Linux OpenExchange Server: 4, SuSE SuSE Linux School Server, SUSE SuSE Linux: 9.0, SuSE SuSE Linux Standard Server: 8, Sun JRE: 1.3.1, Sun JRE: 1.3.1 Update12, Sun JRE: 1.3.1 Update14, Sun JRE: 1.3.1 Update13, Sun SDK: 1.3.0_05, Sun SDK: 1.3.0_02, Sun SDK: 1.3.1_03, Sun JRE: 1.3.1 Update17, Sun SDK: 1.3.1_17, Sun SDK: 1.3.1_15, Sun SDK: 1.3.1_14, Sun SDK: 1.3.1_13, Sun JRE: 1.3.1 Update2, Sun JRE: 1.3.1 Update5, Sun JRE: 1.3.1 Update3, Sun JRE: 1.3.1 Update6, Sun JRE: 1.3.1 Update7, Sun JRE: 1.3.1 Update11, Sun JRE: 1.3.1 Update10, Sun JRE: 1.3.1 Update9

Type

Unauthorized Access Attempt

Vulnerability description

Sun Java Development Kit (JDK) is vulnerable to an integer overflow caused by improper bounds checking in the embedded ICC profile image parser. By creating a specially crafted JPEG or Bitmap image, a remote attacker could execute arbitrary code on the system if the attacker could persuade the victim to view the malicious image.
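The following is an added example, not code from the JDK or from the IPS signature: a C check of an ICC profile's tag table that rejects an excessively large tag without the 32-bit addition that makes a bounds check wrap. The function names and the 160-byte sample profile are constructed for illustration; the layout used (128-byte header, big-endian fields, 12-byte tag entries) is the standard ICC profile layout.

```c
#include <stdint.h>
#include <string.h>

enum { ICC_OK = 0, ICC_TRUNCATED = -1, ICC_BAD_TABLE = -2, ICC_BAD_TAG = -3 };
#define ICC_HEADER_LEN 128u   /* fixed header; tag count follows it */
#define ICC_TAG_ENTRY_LEN 12u /* signature, offset, size: 4 bytes each */
/* ICC fields are big-endian 32-bit values. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* The flawed form: off + size is computed in 32 bits and can wrap. */
int naive_tag_fits(uint32_t off, uint32_t size, uint32_t profile_size) {
    return off + size <= profile_size;
}

/* Validate every tag-table entry of the profile in buf[0..len). */
int icc_check_tags(const uint8_t *buf, size_t len) {
    const uint32_t table = ICC_HEADER_LEN + 4;
    if (len < table) return ICC_TRUNCATED;
    uint32_t psize = be32(buf);
    if (psize < table || psize > len) return ICC_TRUNCATED;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Divide rather than multiply so count * 12 cannot wrap. */
    if (count > (psize - table) / ICC_TAG_ENTRY_LEN) return ICC_BAD_TABLE;
    uint32_t data_start = table + count * ICC_TAG_ENTRY_LEN;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + table + (size_t)i * ICC_TAG_ENTRY_LEN;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off < data_start || off > psize) return ICC_BAD_TAG;
        if (size > psize - off) return ICC_BAD_TAG; /* subtraction cannot wrap */
    }
    return ICC_OK;
}

/* Constructed sample: 160-byte profile with one 'desc' tag at offset 144. */
size_t icc_sample(uint8_t out[160], uint32_t tag_size) {
    memset(out, 0, 160);
    put32(out, 160);                 /* profile size */
    put32(out + 128, 1);             /* tag count */
    memcpy(out + 132, "desc", 4);    /* tag signature */
    put32(out + 136, 144);           /* tag data offset */
    put32(out + 140, tag_size);      /* tag data size */
    return 160;
}
```

With a tag size of 0xFFFFFFF0 in the sample, `naive_tag_fits` accepts the entry because 144 + 0xFFFFFFF0 wraps to 128, while `icc_check_tags` returns `ICC_BAD_TAG`.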

How to remove this vulnerability

Upgrade to the latest version of Sun JDK (1.5.0_07-b03 or 1.6.0_01-b06 or later), available from the Sun Microsystems Web site. See References.

For Gentoo Linux (Sun JDK/JRE):
Refer to GLSA 200705-23 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (emul-linux-x86-java):
Refer to GLSA 200706-08 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (BEA JRockit):
Refer to GLSA 200709-15 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Chris Evans Security Advisory CESA-2006-004
JDK image parsing library vulnerabilities (ICC parsing, BMP parsing)
http://scary.beasts.org/security/CESA-2006-004.html

Sun Microsystems Web site
Java SE Downloads
http://java.sun.com/javase/downloads/index_jdk5.jsp

GLSA 200705-23
Sun JDK/JRE: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml

GLSA 200706-08
emul-linux-x86-java: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200706-08.xml

GLSA 200709-15
BEA JRockit: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

SUSE-SA:2007:056
18 Oct 2007 IBM Java Security problems
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html

Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4
http://docs.info.apple.com/article.html?artnum=307177

ISS X-Force
Sun Java Development Kit (JDK) ICC profile integer overflow
http://www.iss.net/security_center/static/34318.php

CVE
CVE-2007-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788