Oracle Java SE Java Runtime Environment unspecified (OTF_Java_IDEF_opcode_Overflow)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, IBM Security Host Protection for Desktops, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, Proventia Network IPS, IBM Security Host Protection for Servers (Unix):

This event indicates the network transfer of a malformed OpenType or TrueType font in which the font program table contains more instruction definitions than declared in the 'Maximum Profile' table.
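
The consistency check this signature describes can be sketched as follows. This is an added example, not IBM's signature logic or code from any referenced advisory. It assumes the font program is the sfnt `fpgm` table and the declared limit is the `maxInstructionDefs` field of a version 1.0 `maxp` table; the function names and the sample font are constructed for illustration.

```python
import struct

IDEF, NPUSHB, NPUSHW = 0x89, 0x40, 0x41   # TrueType instruction opcodes

def sfnt_tables(font):
    """Map tag -> table bytes from the sfnt table directory, bounds-checked."""
    (num_tables,) = struct.unpack_from(">H", font, 4)
    out = {}
    for i in range(num_tables):
        tag, _csum, off, length = struct.unpack_from(">4sIII", font, 12 + 16 * i)
        if off + length > len(font):
            raise ValueError("table %r runs past end of file" % tag)
        out[tag] = font[off:off + length]
    return out

def count_idefs(program):
    """Count IDEF opcodes, skipping the inline operands of push instructions."""
    i = found = 0
    while i < len(program):
        op = program[i]
        i += 1
        if op == IDEF:
            found += 1
        elif op in (NPUSHB, NPUSHW) and i < len(program):
            i += 1 + program[i] * (1 if op == NPUSHB else 2)
        elif 0xB0 <= op <= 0xB7:          # PUSHB[n]: n+1 bytes follow
            i += op - 0xB0 + 1
        elif 0xB8 <= op <= 0xBF:          # PUSHW[n]: n+1 words follow
            i += 2 * (op - 0xB8 + 1)
    return found

def check_font(font):
    """Return (declared, found, flagged) comparing maxp against fpgm."""
    t = sfnt_tables(font)
    maxp = t.get(b"maxp", b"")
    # maxInstructionDefs: uint16 at offset 22 of a version 1.0 maxp; else 0
    declared = struct.unpack_from(">H", maxp, 22)[0] if len(maxp) >= 32 else 0
    found = count_idefs(t.get(b"fpgm", b""))
    return declared, found, found > declared

def build_font(max_idefs, fpgm):
    """Constructed sample: a minimal sfnt holding only maxp and fpgm."""
    maxp = struct.pack(">I14H", 0x00010000, *([0] * 9 + [max_idefs] + [0] * 4))
    body, recs, off = b"", b"", 12 + 16 * 2
    for tag, data in ((b"fpgm", fpgm), (b"maxp", maxp)):
        recs += struct.pack(">4sIII", tag, 0, off, len(data))
        body += data
        off += len(data)
    return struct.pack(">IHHHH", 0x00010000, 2, 32, 1, 0) + recs + body
```

Skipping push operands matters: a 0x89 byte that is only data pushed onto the stack is not an instruction definition and would otherwise cause a false positive.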


Default risk level

High risk vulnerability

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2750, RealSecure Server Sensor: XPU 32.040, IBM Security Host Protection for Desktops: 2750, Proventia Network MFS: XPU 32.040, Proventia-G 1.1 and earlier: XPU 32.040, Proventia Network IDS: XPU 32.040, Virtual Server Protection for Vmware: XPU 32.040, Proventia Server IPS for Linux technology: 32.040, Proventia Network IPS: XPU 32.040, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Sun JRE: 1.4.2, RedHat RHEL Extras: 4, Hitachi uCosminexus Service Architect, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Sun JRE: 1.4.2_1, Sun JRE: 1.4.2_10, Sun JRE: 1.4.2_11, Sun JRE: 1.4.2_12, Sun JRE: 1.4.2_13, Sun JRE: 1.4.2_14, Sun JRE: 1.4.2_15, Sun JRE: 1.4.2_16, Sun JRE: 1.4.2_17, Sun JRE: 1.4.2_18, Sun JRE: 1.4.2_2, Sun JRE: 1.4.2_3, Sun JRE: 1.4.2_4, Sun JRE: 1.4.2_5, Sun JRE: 1.4.2_6, Sun JRE: 1.4.2_7, Sun JRE: 1.4.2_8, Sun JRE: 1.4.2_9, Sun JRE: 1.4.2_19, Sun JRE: 1.1.5.0 Update7, Sun JRE: 1.1.5.0 Update11, Sun JRE: 1.1.5.0 Update9, Sun JRE: 1.1.5.0 Update3, Sun JRE: 1.1.5.0 Update12, Sun JRE: 1.1.5.0 Update10, Sun JRE: 1.1.5.0 Update8, Sun JRE: 1.1.5.0 Update13, Sun JRE: 1.1.5.0, Sun JRE: 1.1.5.0 Update6, Sun JRE: 1.1.5.0 Update1, Sun JRE: 1.1.5.0 Update4, Sun JRE: 1.1.5.0 Update5, Sun JRE: 1.1.5.0 Update2, Sun JRE: 1.1.5.0 Update14, Sun JRE: 1.1.5.0 Update15, Sun JRE: 1.1.5.0 Update16, Sun JRE: 1.1.5.0 Update17, Hitachi Processing Kit for XML, Hitachi uCosminexus Client, Hitachi uCosminexus Operator, Hitachi uCosminexus Service Platform, Sun JRE: 1.4.2_20, Sun JRE: 1.4.2_21, Sun JRE: 1.4.2_23, Sun JRE: 1.1.6.0 Update2, Sun JRE: 1.1.6.0 Update1, Sun JRE: 1.1.6.0 Update3, Sun JRE: 1.1.6.0 Update4, Sun JRE: 1.1.6.0 Update5, Sun JRE: 1.1.6.0 Update6, Sun JRE: 1.1.6.0 Update7, Sun JRE: 1.1.6.0 Update10, Sun JRE: 1.1.6.0 Update11, Sun JRE: 1.1.6.0 Update12, Sun JRE: 1.1.6.0 Update13, Sun JRE: 1.1.6.0 Update14, Sun JRE: 1.1.6.0 Update15, Sun JRE: 1.1.6.0 Update16, Sun JRE: 1.1.5.0 Update21, Sun JRE: 1.1.5.0 Update20, Sun JRE: 1.1.5.0 Update19, Sun JRE: 1.1.5.0 Update18, Sun JRE: 1.4.2_22, Hitachi Cosminexus Application Server: 05-00, Hitachi Cosminexus Application Server: 06-00 Enterprise, Hitachi Cosminexus Server: 04-00 Standard, Hitachi Cosminexus Studio: 04-00 Standard, Hitachi HiRDB: 7, Hitachi HiRDB: 8, Hitachi Developer's Kit for Java, Hitachi Ucosminexus Application Server: 06-70 Enterprise, Hitachi Ucosminexus 
Developer: 06-70 Light, Sun JRE: 1.4.2_24, Sun JRE: 1.4.2_25, Sun JRE: 1.4.2_26, Sun JRE: 1.4.2_27, IBM Tivoli Netcool/OMNIbus: 7.3.0, Sun JRE: 1.1.6.0 Update17, Sun JRE: 1.1.6.0, Sun JRE: 1.1.6.0 Update18, Sun JRE: 1.1.6.0 Update19, Sun JRE: 1.1.6.0 Update20, Sun JRE: 1.1.6.0 Update21, Sun JRE: 1.1.5.0 Update22, Sun JRE: 1.1.5.0 Update23, Sun JRE: 1.1.5.0 Update24, Sun JRE: 1.1.5.0 Update25, Sun JRE: 1.1.5.0 Update26, Sun JRE: 1.1.5.0 Update27, Sun JRE: 1.4.2_28, Sun JRE: 1.4.2_29, Apple Mac OS X: 10.6.8, Apple Mac OS X Server: 10.6.8, Oracle JavaFX: 2.0, Sun JRE: 1.1.5.0 Update29, Sun JRE: 1.1.5.0 Update31, Sun JRE: 1.4.2_33, Sun JRE: 1.4.2_32, Sun JRE: 1.4.2_31, Sun JRE: 1.4.2_30, RedHat Enterprise Linux Server Supplementary : 6, RedHat Enterprise Linux Workstation Supplementary : 6, RedHat Enterprise Linux Desktop Supplementary : 6, RedHat Enterprise Linux HPC Node Supplementary : 6, RedHat Enterprise Linux for SAP, Oracle JRE: 1.1.6.0 Update22, Oracle JRE: 1.1.6.0 Update23, Oracle JRE: 1.1.6.0 Update24, Oracle JRE: 1.1.6.0 Update25, Oracle JRE: 1.1.6.0 Update26, Oracle JRE: 1.1.6.0 Update27, Oracle JRE: 1.1.6.0 Update29, Oracle JRE: 1.1.6.0 Update30, Oracle JRE: 1.7.0, Oracle JRE: 1.7.0 Update1, Oracle JRE: 1.7.0 Update2, Sun JRE: 1.1.5.0 Update28, Sun JRE: 1.1.5.0 Update33, Sun JRE: 1.4.2_34, Sun JRE: 1.4.2_35, Oracle JavaFX: 1.3.1, Oracle JavaFX: 1.2.3, Oracle JavaFX: 1.2, Oracle JavaFX: 1.3.0, Oracle JavaFX: 1.2.2, Oracle JavaFX: 2.0.2, Apple Mac OS X Lion Server: 10.7.3, Apple Mac OS X Lion: 10.7.3, IBM 31-bit SDK for z/OS: 5.0, IBM 31-bit SDK for z/OS: 6.x, IBM 64-bit SDK for z/OS: 6.x, IBM Tivoli System Automation for Multiplatforms: 3.1, IBM Tivoli System Automation for Multiplatforms: 3.2, IBM Tivoli System Automation for Multiplatforms: 3.2.1, IBM Tivoli System Automation for Multiplatforms: 3.2.2, IBM Tivoli System Automation Application Manager: 3.2.2, IBM Tivoli Netcool/OMNIbus: 7.2.1, IBM Tivoli Netcool/OMNIbus: 7.3.1, IBM Tivoli Netcool/OMNIbus: 
7.4.0

Type

Unauthorized Access Attempt

Vulnerability description

Oracle Java SE Java Runtime Environment is vulnerable to a heap-based buffer overflow caused by improper bounds checking when processing IDEF opcodes during TrueType font parsing. By persuading a victim to open a specially crafted font file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

How to remove this vulnerability

Refer to the appropriate IBM Security Bulletin for patch, upgrade, or suggested workaround information. See References.

References

Oracle Java SE Critical Patch Update Advisory - February 2012
Oracle Java SE Critical Patch Update Advisory - February 2012
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Hitachi Security Vulnerability Information HS12-007
Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html

TPTI-12-01
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-12-01

TSL20120222-10
Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow
http://telussecuritylabs.com/threats/show/TSL20120222-10

IBM APAR PM60958
GEN APAR: 31-BIT JAVA FOR Z/OS SDK 5 SERVICE REFRESH (SR13 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM60958

Apple KB HT5228
About the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7
http://support.apple.com/kb/HT5228

IBM APAR PM59971
GEN APAR: 31-BIT JAVA FOR Z/OS SDK 6 SERVICE REFRESH (SR10 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM59971

IBM APAR PM59978
GEN APAR: 64-BIT JAVA FOR Z/OS SDK 6 SERVICE REFRESH (SR10 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM59978

IBM Security Bulletin 1632668
IBM Tivoli System Automation for Multiplatforms
http://www-01.ibm.com/support/docview.wss?uid=swg21632668

IBM Security Bulletin 1633991
Tivoli System Automation Application Manager 3.2.2
http://www-01.ibm.com/support/docview.wss?uid=swg21633991

IBM Security Bulletin 1650822
Java Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus
http://www-01.ibm.com/support/docview.wss?uid=swg21650822

ISS X-Force
Oracle Java SE Java Runtime Environment unspecified
http://www.iss.net/security_center/static/73187.php

CVE
CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499