The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of JDK, JRE: code execution via XSLT style sheets

Synthesis of the vulnerability 

When an XML signature contains a malicious style sheet, code can run with the privileges of the application.
Impacted products: Oracle iPlanet Web Server, Java Oracle, Sun AS.
Severity of this bulletin: 1/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/07/2007.
Revision date: 13/07/2007.
References of this threat: 102945, 102992, 102993, 201255, 6519471, 6523817, 6534224, 6540248, 6542007, 6546271, 6567841, 6568090, BID-24850, CVE-2007-3715, CVE-2007-3716, VIGILANCE-VUL-6993.

Description of the vulnerability 

Version 6 of the JDK and JRE implements digital signatures in XML format (XML Signature). Such a signature can be associated with an XSLT style sheet, which is applied as a transform when the signature is processed.

An attacker can create a malicious style sheet. When the application processes this style sheet, code can be run; the underlying flaw may be a buffer overflow.

An attacker can thus execute code with the privileges of the Java application that processes XML signatures.
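Until the patched release below is deployed, the practical defence is to refuse to process any XML signature that carries an XSLT transform at all. The following is an added example written for this bulletin; it is not code from Vigil@nce or from Sun/Oracle. It assumes a hypothetical class name, an XML file supplied by the caller and a verification key already obtained out of band. It scans every ds:Transform element for the XSLT algorithm URI before handing the document to the JDK signature provider, and it additionally sets the "org.jcp.xml.dsig.secureValidation" context property, which later JDK updates honour to forbid XSLT transforms in the provider itself (older providers simply ignore an unknown property, which is why the explicit pre-check is kept).

```java
import java.io.File;
import java.security.Key;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical helper (not part of the JDK): validates an XML signature while refusing XSLT transforms. */
public class SafeXmlSignatureCheck {

    // Algorithm URI of the XSLT transform as defined by the XML Signature specification.
    private static final String XSLT_ALGORITHM = Transform.XSLT;
    // XML Signature namespace, used to locate ds:Transform and ds:Signature elements.
    private static final String DSIG_NS = XMLSignature.XMLNS;

    /** Returns true if any ds:Transform element in the document uses the XSLT algorithm. */
    public static boolean containsXsltTransform(Document doc) {
        NodeList transforms = doc.getElementsByTagNameNS(DSIG_NS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            Element transform = (Element) transforms.item(i);
            if (XSLT_ALGORITHM.equals(transform.getAttribute("Algorithm"))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses the file, rejects it if an XSLT transform is present, then validates the
     * first ds:Signature with the supplied key. Returns the core validation result.
     */
    public static boolean validate(File xmlFile, Key verificationKey) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the JSR 105 DOM provider
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // limits entity expansion and similar abuse
        Document doc = dbf.newDocumentBuilder().parse(xmlFile);

        // Defensive pre-check: never let the provider execute a style sheet supplied by the peer.
        if (containsXsltTransform(doc)) {
            throw new SecurityException("XML signature rejected: XSLT transform present");
        }

        NodeList signatures = doc.getElementsByTagNameNS(DSIG_NS, "Signature");
        if (signatures.getLength() == 0) {
            throw new IllegalArgumentException("no ds:Signature element found");
        }

        DOMValidateContext ctx = new DOMValidateContext(verificationKey, signatures.item(0));
        // Honoured by later JDK updates: forbids XSLT transforms and other risky constructs
        // inside the provider. Harmless on providers that do not know the property.
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = factory.unmarshalXMLSignature(ctx);
        return signature.validate(ctx);
    }
}
```

Calling `SafeXmlSignatureCheck.validate(new File("signed.xml"), key)` throws before any signature processing if the document carries an XSLT transform, so a malicious style sheet never reaches the vulnerable code path; for legitimate signatures the usual core validation result is returned. The pre-check is deliberately independent of the provider so that it protects applications still running the affected 6.0 releases.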

This bulletin impacts software or systems such as Oracle iPlanet Web Server, Java Oracle, Sun AS.

Our Vigil@nce team determined that the severity of this vulnerability alert is low.

The trust level is "confirmed by the vendor", with an origin of type "document".

This bulletin is about 2 vulnerabilities.

An attacker with expert skills can exploit this vulnerability.

Solutions for this threat 

Java JDK/JRE: version 6.0 Update 2.
Version 6.0 Update 2 is corrected:
  http://java.sun.com/javase/downloads/index.jsp
  http://java.sun.com/javase/6/webnotes/ReleaseNotes.html
For Solaris:
  SPARC:
    32 bits: patch 125136-04
    64 bits: patch 125137-04
  x86:
    32 bits: patch 125138-04
    64 bits: patch 125139-04

Sun Java System AS 8.2: patch for XSLT.
A patch is available:
SPARC Platform
 - Platform Edition 8.2: file-based patch 124679-01, SVR4 patch 124672-02
 - Enterprise Edition 8.2: file-based patch 124675-01, SVR4 patch 124672-02
x86 Platform
 - Platform Edition 8.2: file-based patch 124680-01, SVR4 patch 124673-02
 - Enterprise Edition 8.2: file-based patch 124676-01, SVR4 patch 124673-02
Linux
 - Platform Edition 8.2: patch 124681-01, RHEL3.0/RHEL4.0 (Pkg_patch) 124674-02
 - Enterprise Edition 8.2: file-based patch 124677-01, RHEL3.0/RHEL4.0 (Pkg_patch) 124674-02
Windows
 - Platform Edition 8.2: file-based patch 124682-01
 - Enterprise Edition 8.2: file-based patch 124678-01, package-based patch 124684-02

Sun Java System AS 9.0: patch for XSLT.
A patch is available:
  SPARC: file-based patch 124609-05
  x86: file-based patch 124610-05
  Linux: file-based patch 124611-05
  Windows: file-based patch 124612-05

Sun Web Server 7.0: patch for SSLv2 and XSLT.
A patch is available:
 - Solaris SPARC: 125437-07
 - Solaris x86: 125438-07
 - Linux: 125439-07
 - HP-UX: 125440-01
 - Windows: 125441-06

Sun Web Server 7.0: Update 1.
Version 7.0 Update 1 is corrected:
  http://www.sun.com/download/products.xml?id=467713d6

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability alert. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.