Sun Java Development Kit (JDK) ICC profile integer overflow (ICC_Profile_Generic_Tag_Overflow)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Desktops, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Servers (Unix), Proventia Network IPS, Virtual Server Protection for VMware, Proventia Server IPS for Linux technology:

This signature detects a specially crafted ICC (International Color Consortium) profile with an excessively large tag designed to overflow vulnerable ICC decoders.


Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2730, RealSecure Server Sensor: XPU 32.020, IBM Security Host Protection for Desktops: 2730, Proventia Network MFS: XPU 32.020, Proventia-G 1.1 and earlier: XPU 32.020, Proventia Network IDS: XPU 32.020, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IPS: XPU 32.020, Virtual Server Protection for VMware: XPU 32.020, Proventia Server IPS for Linux technology: 32.020

Systems affected

Sun JRE: 1.3.1, Gentoo Linux, SuSE Linux Enterprise Server: 8, Novell UnitedLinux: 1.0, SuSE SuSE Linux OpenExchange Server: 4, SUSE SuSE Linux: 9.0, SuSE SuSE Linux School Server, SuSE SuSE Linux Standard Server: 8, SuSE SuSE SLES: 9, Sun JRE: 1.4.2, Sun JRE: 1.5.0, Sun SDK: 1.4.2, Novell Linux Desktop: 9, Novell Open Enterprise: Server, SUSE SuSE Linux: 10.0, Sun JRE: 1.5.0 Update3, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Novell SLE SDK: 10, SuSE Linux Enterprise Server: 9, Novell SUSE Linux Enterprise Server: 10, SuSE SuSE Linux Retail Solution: 8, Novell Linux POS: 9, Sun JRE: 1.6.0, Sun JDK: 1.6.0, Sun JDK: 1.5.0 Update10, Sun JRE: 1.5.0 Update7, Sun JRE: 1.5.0 Update8, Sun JRE: 1.5.0 Update9, Sun JRE: 1.5.0 Update10, Sun SDK: 1.4.2_11, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_14, Novell SUSE Linux Enterprise Server: 10 SP1, Novell SUSE Linux Enterprise Desktop: 10 SP1, Novell SLE SDK: 10 SP1, RedHat Network Satellite Server: 5.0, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, RedHat RHEL Supplementary: 5.1.z EUS, RedHat RHEL Extras: 4.6.z, RedHat Network Satellite Server: 4.2, Novell Open Enterprise Server, Sun JDK: 1.5.0, Sun JDK: 1.5.0 Update1, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update8, Sun JDK: 1.5.0 Update9, Sun JRE: 1.3.1 Update1, Sun JRE: 1.3.1 Update15, Sun JRE: 1.3.1 Update16, Sun JRE: 1.3.1 Update18, Sun JRE: 1.3.1 Update19, Sun JRE: 1.3.1 Update1a, Sun JRE: 1.3.1 Update20, Sun JRE: 1.3.1 Update4, Sun JRE: 1.3.1 Update8, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update2, Sun JRE: 1.4.2 Update3, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update5, Sun JRE: 1.4.2 Update6, Sun JRE: 1.4.2 Update7, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update9, Sun JRE: 1.5.0 Update1, Sun JRE: 1.5.0 Update2, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update5, Sun JRE: 1.5.0 Update6, Sun SDK: 1.3.0, Sun SDK: 1.3.1_01, Sun SDK: 1.3.1_01a, Sun SDK: 1.3.1_16, Sun SDK: 1.3.1_18, Sun SDK: 1.3.1_19, Sun SDK: 1.3.1_20, Sun SDK: 1.4.2_03, Sun SDK: 1.4.2_08, Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_10, Novell OpenSUSE: 10.2, Sun SDK: 1.4.2_04, Sun SDK: 1.4.2_02, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_06, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_01, Sun SDK: 1.3.1_02, Sun SDK: 1.3.1_04, Sun SDK: 1.3.1_05, Sun SDK: 1.3.1_06, Sun SDK: 1.3.1_07, Sun SDK: 1.3.1_08, Sun SDK: 1.3.1_09, Sun SDK: 1.3.1_10, Sun SDK: 1.3.1_11, Sun SDK: 1.3.1_12, Sun SDK: 1.3.1_13, Sun SDK: 1.3.1_14, Sun SDK: 1.3.1_15, Sun SDK: 1.3.1_17, Sun JRE: 1.3.1 Update2, Sun JRE: 1.3.1 Update3, Sun JRE: 1.3.1 Update5, Sun JRE: 1.3.1 Update6, Sun JRE: 1.3.1 Update7, Sun JRE: 1.3.1 Update9, Sun JRE: 1.3.1 Update10, Sun JRE: 1.3.1 Update11, Sun JRE: 1.3.1 Update12, Sun JRE: 1.3.1 Update13, Sun JRE: 1.3.1 Update14, Sun JRE: 1.3.1 Update17, Sun SDK: 1.3.0_05, Sun SDK: 1.3.0_02, Sun SDK: 1.3.1_03

Type

Unauthorized Access Attempt

Vulnerability description

Sun Java Development Kit (JDK) is vulnerable to an integer overflow, caused by improper bounds checking in the embedded ICC profile image parser. By creating a specially crafted JPEG or Bitmap image, a remote attacker could execute arbitrary code on the system if the attacker could persuade the victim to view the malicious image.
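
An added example, not code from the JDK or from the IBM signature: the page does not detail the flawed check, so this sketch assumes the common pattern where a tag's offset and size are summed in 32 bits before the bounds comparison, and shows an overflow-safe validation of the ICC tag table in its place. The 128-byte header, 4-byte tag count and 12-byte tag entries follow the ICC profile format; all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define ICC_HEADER_LEN 128u                   /* fixed ICC header size */
#define ICC_ENTRY_LEN 12u                     /* signature, offset, size */
#define ICC_TABLE_START (ICC_HEADER_LEN + 4u) /* entries follow the tag count */

static uint32_t be32(const uint8_t *p) {      /* ICC fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
/* Naive check: off + size wraps modulo 2^32, so a huge size can pass. */
int tag_in_bounds_naive(uint32_t off, uint32_t size, uint32_t len) {
    return off + size <= len;
}
/* Safe check: compares without ever forming off + size. */
int tag_in_bounds_safe(uint32_t off, uint32_t size, uint32_t len) {
    return off <= len && size <= len - off;
}

/* Returns 0 if every tag lies inside the profile, -1 if it is malformed. */
int icc_validate(const uint8_t *buf, size_t len) {
    if (len < ICC_TABLE_START || len > UINT32_MAX) return -1;
    uint32_t declared = be32(buf);            /* profile size field */
    if (declared > len || declared < ICC_TABLE_START) return -1;
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Bound the count by division so count * 12 cannot overflow. */
    if (count > (declared - ICC_TABLE_START) / ICC_ENTRY_LEN) return -1;
    uint32_t table_end = ICC_TABLE_START + count * ICC_ENTRY_LEN;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + ICC_TABLE_START + i * ICC_ENTRY_LEN;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off < table_end || !tag_in_bounds_safe(off, size, declared)) return -1;
    }
    return 0;
}

/* Constructed sample: a 160-byte profile holding a single tag entry. */
int sample_result(uint32_t tag_off, uint32_t tag_size) {
    uint8_t p[160] = {0};
    put32(p, (uint32_t)sizeof p);             /* declared profile size */
    put32(p + ICC_HEADER_LEN, 1);             /* tag count */
    put32(p + 132, 0x64657363u);              /* signature 'desc' */
    put32(p + 136, tag_off); put32(p + 140, tag_size);
    return icc_validate(p, sizeof p);
}
```

A decoder or a scanning gateway can run such a check on embedded profiles before handing the image to a parser that has not been upgraded.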

How to remove this vulnerability

Upgrade to the latest version of Sun JDK (1.5.0_07-b03 or 1.6.0_01-b06 or later), available from the Sun Microsystems Web site. See References.

For Gentoo Linux (Sun JDK/JRE):
Refer to GLSA 200705-23 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (emul-linux-x86-java):
Refer to GLSA 200706-08 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (BEA JRockit):
Refer to GLSA 200709-15 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Chris Evans Security Advisory CESA-2006-004
JDK image parsing library vulnerabilities (ICC parsing, BMP parsing)
http://scary.beasts.org/security/CESA-2006-004.html

Sun Microsystems Web site
Java SE Downloads
http://java.sun.com/javase/downloads/index_jdk5.jsp

GLSA 200705-23
Sun JDK/JRE: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200705-23.xml

GLSA 200706-08
emul-linux-x86-java: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200706-08.xml

GLSA 200709-15
BEA JRockit: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200709-15.xml

SUSE-SA:2007:056
18 Oct 2007 IBM Java Security problems
http://www.novell.com/linux/security/advisories/2007_56_ibmjava.html

Apple Web site
About the security content of Java Release 6 for Mac OS X 10.4
http://docs.info.apple.com/article.html?artnum=307177

ISS X-Force
Sun Java Development Kit (JDK) ICC profile integer overflow
http://www.iss.net/security_center/static/34318.php

CVE
CVE-2007-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788