Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Critical Flaws Found in Java Development Kit



 By: Brian Prince
2007-05-17
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The two flaws could be exploited remotely by hackers, with one resulting in the possible execution of code.

Two vulnerabilities open to remote exploitation by hackers have been found in Java Development Kit, one of which could be used to take over a compromised system.

JDK (Java Development Kit) is a software development tool made by Sun Microsystems specifically for Java users. The vulnerabilities were rated "critical" by FrSIRT (French Security Incident Response Team), a security research organization based in France.

Resource Library:
One flaw is caused by an integer overflow error in the image parser when processing ICC profiles embedded within JPEG images, according to FrSIRT researchers.

Security experts at Secunia outlined the dangers of the flaw in a separate advisory. "This can be exploited to crash the JVM and potentially allow the execution of arbitrary code by e.g. tricking an application using the JDK to process a malicious image file," Secunia security experts stated.

The second vulnerability is caused by an error in the BMP image parser when processing malformed files on Unix/Linux systems, which could be exploited by attackers to cause a denial of service. Both flaws affect Sun JDK version 1.x.

Users can find an answer to both vulnerabilities by upgrading to JDK versions 1.5.0_11-b03 or 1.6.0_01-b06.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Critical Flaws Found in Java Development Kit
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks㶲qUS|ik)ٖ:-Ҍ3RQ$%1H͟/Oon|AK~L&& 4F;ncr3 |C;ӸD;;o޼ !$ߛz0idIG O7FNͰ,U5eFN3rMۀp{g=g-FF5%O|kNF^4El(ߤp),g5h{=DGe4r!&>yBงI>߱LN1 ;|,C')8Ui"/Ç$ J07˛kh}V5yP+oaT黖:?$CnBVlfrV6i!hrs!g ջ5hY7;q@ؒ&I5hm5b#ӨRbb=:u^]ͱR,REՌԩiAsTT}⫶9\I ?b@2hF o! dF=Dϋkz=2}{'sa;r_ռYoסݎ=gfdY p$XbYZ0w]' |`<nhc"5rؖCQT`F,S-F jm]&IbT9Ju/r_7mݹ-Ӟ=89nAsnFzREVI:]vήr$ CKo5-';JQ9_w{>~lr  tn$& jDT+b>MA mbCC${/@B ZQWB-")u(!ZZzo AKQza"Q}?M-~k~>EF,sAV衂ĠʠW:+㝩jqszr|qӹ88`uӚ& "D>L@%X\0=3cfI9"3Q= MV1t9;g3R˼pWJ^̗/d2g($uq:]$ySDD'gKE4>BzB7"ʠ *괱b4@&&hC:}ҍLZ a;^B: }C c`N mPCGA :\TRul;>4Phyna23BJy7P>h^0 vh g]*v3`5DSg v,߃9#*ީM T< 3f5lk[r%FaA&g( :'I#2*B,`@n!9-'P  RR .<\ Czn<K)}TKh+L% 93TiJjL=?hj1eG,[Ez9rU .i 6JԍyRI+AOu#iMhFff=@.ϼG3I `0erLQCb⦢'c 3AP~9CEs;z0aFi9Ā9 jI.VB13OH sz@nehI*#3T +) jz%J4~gxLSRtZB˟E/4-e]Z2+(V6/ MǠ\urq_F*ےxmEZyOGy K5C iM;P6W "HE3Kdt- $u;@=pll~5G0_L큢SVĢ,J'F*,-3ȣXHJ5R5>.,!1ȁ"Hu dgbˡ\Z3 Oanxǎ As,\OD d|' ?۠ǾGRB/C48c$0Vm"`aBkrb35. +_ ǂ & Lܥ*:t5U{qu?_ZN îpohv06}*:QM "6h#P}ӚC{Ou']1/W=@E^ɰR~l"9zD\8D}9gcOMd՞hՒ´g9র VӐP+@1"^9/LU/V$#ş/ox1FB= %PcfJf M`.x8cTY(IQܧƭ3MıR "as:_XHE"}[kpp\Y,JT0:JJ+b,$ d=;$⦬4W݂Ēh!TX6H =CyhBn35bN*.w3g \OgZV,֪1:ѡTd\js| }30bMx$trF@g}u>9Nw7Tz~)~ƍa_t :tȕ:6tP\Z5-PYFH_'pd(:z&}^@ӻ.+J9 NDEWrP9(pKdS 8@ _<y},QCO+Mu,4Auq0ݎ_3kqmYc.ij2~P+Va ~RuQev 0)5A)֊\{ }2cU3H^&&2O>%WW\kϸpag_َw;^7Pz_4HΝ JIQJ `jZտI \}u ( JA.3`I, |ˡkT-TA') K}g r!9~-L6M Rs[A?qp/5492-܌X0;tzdzqmr<c]Շ~ZԤ^=1@ AA2@"J߱$r;ӓxY 4n&LC<cMvH ݪ=^E!sa^g}cW^^abvY?: ?keaϥ<87sy/?~<:mvi_3bAaFJ _hk-V&7LMFpBlYQxD+,k%ZX|!IBfL߅B:-``VɈN):cϻ>`V,QBDE,$ Ke=ғ2;iw[(6[F_ѫٿz{~KiV Trt6~OK0fAϤ+F+9ǭՓN:I| NN*:o3̱_,@:IB927VI .Uu?RouÎ(%T LrG"6l->9r cd9aHnɐ $-Zڢإۚj tx8L)dJHF =).ʚI$"J42eI?U0哘PV ioɂZ#'59Թ8/T/\ߺn,D2zzS_n\&0'1É2 RްG[(%ӎ򕼒ᬖ^}K ɏ:CD RԄ!FC|P(vвN]Ubwiפuba~%ܣ$H'RС;#l$~!ݫ]UyՅ_>TdwX GFWE5bKf0{?BIO r4M1hn!SώR$ؘ$Ⴄ JAVP,,2˞(v ƽ|@7CCҁ-3Hln3{Zڭ:>Dɥn~:d !ǒUo)72]wm߀Lqmej8.q-Ԉ@k"kyJ<^]8xG%y#GBa"Fc8ev]SQ~a_O~rmCG󎾛SYc,d9AXZACvstK9Orq&}x2:'F5w#c'gcc3/F%pg& gm @lՐ۰/h]Qi`j}Z'OpjulD[/'Ɏ7e{cA|3 e\1kMߕ_s 2 |cI%%&p.$ބ?D՞ EȽz".mh(yt`b{y'lk9E L!5 L44*d5ϗ3sl՚rul05B`ңFvnGo<15mXZC&b;:G\@&.թi,)t Fa}yK:7l/y@+4s Q*UyrNy9?AǏ6g^‰qgX,v.dY*Ix@;,K.s9:)5{т`I9|+Br$|ޑ@ Rj)B1ql"C^&1b5nÀuq ]^61 M;5Ī@V#U\`W *>g3)a8eإ vYOu(O?[ˌB-FI>UN|Ӱ( |db;PrbSTwKe2 (*=XdEf \-VnA`%u`غkEGHd5(,Ld)92Xd G6Pg|4AA PWAt-O"e_)[uM(U.pbUʂ\Kˠ0#@Bb|XudzS_p*\o Ou.|Y`ӸPR@l#6 a6 a-pX?^^I!~3 oE, JqS,Ub/mѽBbc 1ug e$,u|sʢ /O_=4͍nH 0ע@ ]k/nh,KR50j/+ہ Pвw|f{H/pKǪ; Úi48Ge-(BKw72#8Xj𧻓 OAтxVO.!e_ 5?D_gVWLsChyh ΍QMK#u#Ϲ /BXY Njh9O#m>Muk!uZ)==zJz|]S0WTEm ^Eu)_15z[mr*eXO/tG#pdi,ae8ʄ#N!s_9^ʽIGCW;|4Dţij }BPv5s-]QC/q%`vxYz!l'ȾS8/ y}c['N}dIR:}`[/l puA寤EIRͭA.-顛$O{4 (.qefpu,qW3mհY]kf$5ɅFsY;_jJ&񣹼ç匝AB_gk^^Gnʸj bu\ղ[&.⫽54⋸=:\얆/ 6醴A(ܨAmZNn d,7.eJn7^`W0;@:Kn504]{Vsg,m7}/X:7ॖY+z)לӢ~F(c!\k6QiH :[ImlW~*"Wι3 *947i>uK]Rja?}J:tϹD;G"/_[aXG[Ԓ#rh! G ',)oL"E(w0+px^dbA74E<^_7`;Tc \sj4%>E΋^R6&ƘqjxթR՜|咿܋VYr: j~b[cK}gs0"ԄZt9pU9 *5PZ`$?Rcyl'ضﳪjģ\ϫah=ycCs="zqc` K+.қP㉠D37:{sڷL%70 8(7'?0W;*^!dlf-NanZ` vrF̹OmMDJ0Պ ԕT+Z ^P}ʶ."UZI3@{,7 ?[T$Fr]ch Lq':g~R**UϚ1qX*AEL>hSv&Z<<}Q,mr1FB5Y g?[|}.]˜oW%F]K5 G'km}*q;=EXC@W,H}#nA4t:Cw9K^aciJqwM[.{=c<&HPþ3=F+{^m.z{{ʰdLO,jq,o.04&n99Sm6}a;Ds Tq`1K}9rlz!׆TF\=#ZIph5B;5x ezɍ DU<11Fզɝ$7`zg t vWp+XyPjR~GКXتtJ մhk~^N$ )G`mLFI pT`3Բ)̘d5B(qi+8<7>|>_zi}`nOKZ&9 kE$73F3%H@!a)ô5kFgĄ+'%؏n犲1r Tz!KbqjyQ(oāBhpM\"@H>S|ӠѠ=?$~aڐARr3% h/x ` 35*Lmaws.BtѸGq?]݆1:FƇ5Kq {7:tQ}>xd{Ca f>uW2[79ΥJ$DVz|Lƒ $Bѽ6B_3=m?݉"}x%ט1_[U~ UꚄ_RwEX &Z,D4K7y |̊W2qZDž&JZ {AFNPrdDhz߇B֝W5_7LUu+Lie(AN/[m ʩ`Is.YX1K x5< /ELqx*Xjϟ~x0۲!F^-]ec urrllŹ6N#9^L7ӥsG[߰|=M-GʐUjz47SaX0K">^sPfy9yFϐsFo[F5_O?n2һHGJO?3ҏ!x})4?3X~5:;'f$#hg:NF?2?A<>v͋_d_d^ds EF/>/2">G/3?fAYF _~{1?s w1~]h7]? ͐/W@Wq2_\gO诟A_!>dGHѿtߛ o2ɠ\'2u S.ryA/ ȋU৬tXB]f@zZ;*8n %9b#p75i2p[~|^YivxCbi1Q2UìEYRw8 0z󡧚Oiw_ j#niAnzם'5/[烫6hϦ"}yАh4|s&0J!J8o( |Q&ƀ;8 a 7OW5ӯ.{4v⻝1cl; *+r#\ӫͯa'3thxYeIjbo9Rʥ*D`q:EdxlD!*Eiث,1C=b{Ǩ[ɚFW70 E#3&ޠl ]_Ef,D '2T//{_A1B$@)2b'`{8z5Ҕ[?0}uf?.eP!AhMlI]'B똽6ӱ'cwЙ YBDKhգ{w9ıC+WZ 6 r|ּ MD|ߢ*tO] e/{[e 7VSA|3Se ]2FdX *2_J2,B;P&G+ӗXwȼO!KCkNhpн0r8]]\H~2$;- 7p,s7G1h9!nf9F+wjqcX~[ #zMa״nZ ӞRgAT @qX1hxJôFo0#9ţ*m&+3Σ̮UݞSw Ѻ -$ ?y6¾-~kӳLWmb-zʦnG)\//Ugm[xbbgg3P$2ƃ\ᥖ!?JwaXz F<#Nx !"~0q?K*_yt xD'S/!Iҗl* `8NU=SN`>X(8" "HH"3{Bl%؄o\sJdBZhy;F ݯ8 "sB s#b[MA%aıQ#tHϱf98va C >Hf[E/=W<c -?GbC!de_V붰p5oW23L OH\>oz^UE, O*ɉqgX1=KlCt[vU?l%y '_!~M|x`ãiб ߞ(2m-Eǝ.t };{/ݤd-+2dB%vlHYY҆Nw&ϺC1G8]! r"_Ran^eD$t@Ч4I cLcc} avwjx7o'{ٲq>Z.0mfhӧ[5Z@#5E`w`eD^p멎PhU|Al61^7Q$Tzsi(NA")Q z}1Qa)q PCY0u> ^*;[&wFTwF 5Aݥ7Sf. Z3*-DA+uLb\O +1n"1G2E$nA&/"Kho|w]˨«Ҡ$6_w?u#JwjGTX)=Y (1p\?esۈ _(}7y˧zb&R-X-8E]*/T*l:4plz_+>v}]qJʍ|]DijR#k|lD6б U+y_HFQIθQ1ȅ#4fnF@sٰb'c"hc)IаNkZi/:+?_>FNOPǣ;Qcjk0u GR󼶓 1i4wxҽz-z}I)B/>+EQ?7*4JXU*;ܒ`]uܦ'y4%C#AqaQ] r:ȭ 0fGԔQXRLn_Y2$q.#(B@k àm鼽e88^E!ЎbaD[0H]D4Jw7y0p;>~py"-$ҹNJ%RVkcJDv .?rn&&vs)CYf["# UNBLz!mNDb#$[7nl,xpMh44*o(I͝S>