Oracle Java SE Java Runtime Environment unspecified (OTF_Java_IDEF_opcode_Overflow)

About this signature or vulnerability

IBM Security Host Protection for Servers (Unix), Virtual Server Protection for Vmware, IBM Security Network Protection, Proventia Server IPS for Linux technology, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, IBM Security Host Protection for Desktops, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network MFS:

This event indicates the network transfer of a deformed OpenType or TrueType font where the font program table contains more instruction definitions than claimed in the 'Maximum Profile' table.


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Unix): 2.2.2, Virtual Server Protection for Vmware: XPU 32.040, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 32.040, Proventia-G 1.1 and earlier: XPU 32.040, Proventia Network IDS: XPU 32.040, Proventia Network IPS: XPU 32.040, IBM Security Host Protection for Desktops: 2750, RealSecure Server Sensor: XPU 32.040, IBM Security Host Protection for Servers (Windows): 2.1.14.2750, Proventia Network MFS: XPU 32.040

Systems affected

Hitachi HiRDB: 8, Hitachi HiRDB: 7, Hitachi Cosminexus Studio: 04-00 Standard, Hitachi Cosminexus Server: 04-00 Standard, Hitachi Cosminexus Application Server: 06-00 Enterprise, Hitachi Cosminexus Application Server: 05-00, Hitachi Ucosminexus Application Server: 06-70 Enterprise, Hitachi Ucosminexus Developer: 06-70 Light, Hitachi Developer's Kit for Java, Sun JRE: 1.1.6.0 Update16, Sun JRE: 1.1.5.0 Update20, Sun JRE: 1.1.5.0 Update21, Sun JRE: 1.4.2_22, Sun JRE: 1.1.5.0 Update18, Sun JRE: 1.1.5.0 Update19, Sun JRE: 1.1.6.0 Update5, Sun JRE: 1.1.6.0 Update3, Sun JRE: 1.1.6.0 Update4, Sun JRE: 1.1.6.0 Update2, Sun JRE: 1.1.6.0 Update1, Sun JRE: 1.1.6.0 Update10, Sun JRE: 1.1.6.0 Update11, Sun JRE: 1.1.6.0 Update12, Sun JRE: 1.1.6.0 Update6, Sun JRE: 1.1.6.0 Update7, Sun JRE: 1.1.6.0 Update15, Sun JRE: 1.1.6.0 Update13, Sun JRE: 1.1.6.0 Update14, Sun JRE: 1.4.2_23, Sun JRE: 1.4.2_27, Sun JRE: 1.4.2_26, Sun JRE: 1.4.2_25, Sun JRE: 1.4.2_24, IBM Tivoli Netcool/OMNIbus: 7.3.0, Sun JRE: 1.1.6.0 Update17, Sun JRE: 1.1.6.0, Sun JRE: 1.1.6.0 Update18, Sun JRE: 1.1.6.0 Update21, Sun JRE: 1.1.6.0 Update19, Sun JRE: 1.1.6.0 Update20, Sun JRE: 1.1.5.0 Update24, Sun JRE: 1.1.5.0 Update23, Sun JRE: 1.1.5.0 Update22, Sun JRE: 1.4.2_28, Sun JRE: 1.1.5.0 Update27, Sun JRE: 1.1.5.0 Update26, Sun JRE: 1.1.5.0 Update25, Sun JRE: 1.4.2_29, Apple Mac OS X: 10.6.8, Apple Mac OS X Server: 10.6.8, Sun JRE: 1.1.5.0 Update29, Sun JRE: 1.1.5.0 Update31, Sun JRE: 1.4.2_33, Sun JRE: 1.4.2_32, Sun JRE: 1.4.2_31, Sun JRE: 1.4.2_30, Oracle JavaFX: 2.0, Hitachi Processing Kit for XML, Hitachi uCosminexus Service Platform, Hitachi uCosminexus Client, Hitachi uCosminexus Operator, Sun JRE: 1.1.5.0 Update17, Sun JRE: 1.1.5.0 Update16, Sun JRE: 1.1.5.0 Update15, Sun JRE: 1.1.5.0 Update14, Sun JRE: 1.1.5.0 Update2, Sun JRE: 1.1.5.0 Update5, Sun JRE: 1.1.5.0 Update4, Sun JRE: 1.1.5.0 Update1, Sun JRE: 1.1.5.0 Update6, Sun JRE: 1.1.5.0, Sun JRE: 1.1.5.0 Update13, Sun JRE: 1.1.5.0 Update8, Sun JRE: 1.1.5.0 Update10, Sun JRE: 1.1.5.0 Update12, Sun JRE: 1.1.5.0 Update11, Sun JRE: 1.1.5.0 Update3, Sun JRE: 1.1.5.0 Update9, Sun JRE: 1.1.5.0 Update7, Sun JRE: 1.4.2_20, Sun JRE: 1.4.2_21, Sun JRE: 1.4.2_19, Sun JRE: 1.4.2_1, Sun JRE: 1.4.2_18, Sun JRE: 1.4.2_2, Sun JRE: 1.4.2_3, Sun JRE: 1.4.2_4, Sun JRE: 1.4.2_5, Sun JRE: 1.4.2_6, Sun JRE: 1.4.2_7, Sun JRE: 1.4.2_8, Sun JRE: 1.4.2_9, Sun JRE: 1.4.2_17, Sun JRE: 1.4.2_16, Sun JRE: 1.4.2_15, Sun JRE: 1.4.2_14, Sun JRE: 1.4.2_13, Sun JRE: 1.4.2_12, Sun JRE: 1.4.2_11, Sun JRE: 1.4.2_10, Oracle JRE: 1.1.6.0 Update24, Oracle JRE: 1.1.6.0 Update25, Oracle JRE: 1.1.6.0 Update26, Oracle JRE: 1.1.6.0 Update27, Oracle JRE: 1.1.6.0 Update22, Oracle JRE: 1.1.6.0 Update23, Sun JRE: 1.4.2_34, Sun JRE: 1.4.2_35, Oracle JavaFX: 1.3.1, Sun JRE: 1.1.5.0 Update33, Oracle JavaFX: 1.2.3, Oracle JavaFX: 1.2, Oracle JavaFX: 1.3.0, Oracle JavaFX: 2.0.2, Oracle JavaFX: 1.2.2, Oracle JRE: 1.7.0 Update2, Sun JRE: 1.1.5.0 Update28, Oracle JRE: 1.7.0, Oracle JRE: 1.7.0 Update1, Oracle JRE: 1.1.6.0 Update29, Oracle JRE: 1.1.6.0 Update30, RedHat Enterprise Linux HPC Node Supplementary : 6, RedHat Enterprise Linux for SAP, RedHat Enterprise Linux Workstation Supplementary : 6, RedHat Enterprise Linux Server Supplementary : 6, RedHat Enterprise Linux Desktop Supplementary : 6, IBM 31-bit SDK for z/OS: 5.0, Apple Mac OS X Lion: 10.7.3, Apple Mac OS X Lion Server: 10.7.3, IBM 64-bit SDK for z/OS: 6.x, IBM 31-bit SDK for z/OS: 6.x, IBM Tivoli System Automation Application Manager: 3.2.2, IBM Tivoli System Automation for Multiplatforms: 3.2.2, IBM Tivoli System Automation for Multiplatforms: 3.2.1, IBM Tivoli System Automation for Multiplatforms: 3.2, IBM Tivoli System Automation for Multiplatforms: 3.1, IBM Tivoli Netcool/OMNIbus: 7.2.1, IBM Tivoli Netcool/OMNIbus: 7.3.1, IBM Tivoli Netcool/OMNIbus: 7.4.0, Hitachi uCosminexus Service Architect, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Sun JRE: 1.4.2

Type

Unauthorized Access Attempt

Vulnerability description

Oracle Java SE Java Runtime Environment is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when processing the IDEF opcodes during True Type font parsing. By persuading a victim to open a specially-crafted font file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

How to remove this vulnerability

Refer to the appropriate IBM Security Bulletin for patch, upgrade, or suggested workaround information. See References.

References

Oracle Java SE Critical Patch Update Advisory - February 2012
Oracle Java SE Critical Patch Update Advisory - February 2012
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html

Hitachi Security Vulnerability Information HS12-007
Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html

TPTI-12-01
Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-12-01

TSL20120222-10
Oracle Java Runtime True Type Font IDEF Opcode Heap Buffer Overflow
http://telussecuritylabs.com/threats/show/TSL20120222-10

IBM APAR PM60958
GEN APAR: 31-BIT JAVA FOR Z/OS SDK 5 SERVICE REFRESH (SR13 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM60958

Apple KB HT5228
About the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7
http://support.apple.com/kb/HT5228

IBM APAR PM59971
GEN APAR: 31-BIT JAVA FOR Z/OS SDK 6 SERVICE REFRESH (SR10 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM59971

IBM APAR PM59978
GEN APAR: 64-BIT JAVA FOR Z/OS SDK 6 SERVICE REFRESH (SR10 FP1) THE PTF FOR THIS APAR DELIVERS THE LATEST CUMULATIVE SERVICE
http://www.ibm.com/support/docview.wss?uid=swg1PM59978

IBM Security Bulletin 1632668
IBM Tivoli System Automation for Multiplatforms
http://www-01.ibm.com/support/docview.wss?uid=swg21632668

IBM Security Bulletin 1633991
Tivoli System Automation Application Manager 3.2.2
http://www-01.ibm.com/support/docview.wss?uid=swg21633991

IBM Security Bulletin 1650822
Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus
http://www-01.ibm.com/support/docview.wss?uid=swg21650822

ISS X-Force
Oracle Java SE Java Runtime Environment unspecified
http://www.iss.net/security_center/static/73187.php

CVE
CVE-2012-0499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0499