[注意]Sun Solaris Java 运行时环境图形解析堆溢出漏洞

奶油小生

<div class="wentitle">
<h1><b>Sun Solaris Java 运行时环境图形解析堆溢出漏洞</b></h1></div>
<div class="wenzhuang"><span id="ggad_01" style="FLOAT: left; TEXT-ALIGN: center" width="250" height="250">
<script type="text/javascript"><!--
google_ad_client = "pub-0235996362693247";
google_alternate_color = "FFFFFF";
google_ad_width = 250;
google_ad_height = 250;
google_ad_format = "250x250_as";
google_ad_type = "text_image";
//2007-06-01: new
google_ad_channel = "9750640684";
google_color_border = "FFFFFF";
google_color_bg = "FFFFFF";
google_color_link = "000000";
google_color_text = "333333";
google_color_url = "666666";
//-->
</script>

<script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" type="text/javascript">
</script>
<iframe name="google_ads_frame" marginwidth="0" marginheight="0" src="http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-0235996362693247&amp;dt=1206443085520&amp;lmt=1205743555&amp;alt_color=FFFFFF&amp;format=250x250_as&amp;output=html&amp;correlator=1206443084969&amp;channel=9750640684&amp;url=http%3A%2F%2Fwww.nohack.cn%2Fbugs%2Fother%2F20080317%2F43609.html&amp;color_bg=FFFFFF&amp;color_text=333333&amp;color_link=000000&amp;color_url=666666&amp;color_border=FFFFFF&amp;ad_type=text_image&amp;ref=http%3A%2F%2Fwww.nohack.cn%2F&amp;frm=0&amp;cc=100&amp;ga_vid=145079465.1206443085&amp;ga_sid=1206443085&amp;ga_hid=532067869&amp;flash=9.0.115.0&amp;u_h=768&amp;u_w=1024&amp;u_ah=738&amp;u_aw=1024&amp;u_cd=32&amp;u_tz=480&amp;u_java=true" frameborder="0" width="250" scrolling="no" height="250" allowTransparency="allowTransparency" ></iframe></span>
<p><strong>受影响<a href="http://www.nohack.cn/jsj/system/" target="_blank">系统</a>：</strong><br/>Sun JDK &lt;= 6 Update 4<br/>Sun JDK &lt;= 5.0 Update 14<br/>Sun JRE &lt;= 6 Update 4<br/>Sun JRE &lt;= 5.0 Update 14</p>
<p><strong>不受影响<a href="http://www.nohack.cn/jsj/system/" target="_blank">系统</a>：</strong><br/>Sun JDK 6 Update 5<br/>Sun JDK 5.0 Update 15<br/>Sun JRE 6 Update 5<br/>Sun JRE 5.0 Update 15</p>
<p><strong>描述:</strong><br/>Solaris<a href="http://www.nohack.cn/jsj/system/" target="_blank">系统</a>的Java运行时环境（JRE）为JAVA应用<a href="http://www.nohack.cn/code/" target="_blank">程序</a>提供可靠的运行环境。 </p>
<p>Java运行时环境的图形解析库中在解析畸形JPEG图形的ICC配置文件时存在堆溢出<a href="http://www.nohack.cn/bugs/" target="_blank">漏洞</a>，以下是<a href="http://www.nohack.cn/bugs/" target="_blank">漏洞</a>代码：</p>
<p>&nbsp; Limit = SpGetUInt32 (Buf);<br/>...<br/>&nbsp; UInt16Ptr = (KpUInt16_t *)SpMalloc (Limit * (KpInt32_t)sizeof (*UInt16Ptr));<br/>...<br/>&nbsp; for (Index = 0; Index &lt; Limit; Index++)<br/>&nbsp;&nbsp;&nbsp; *UInt16Ptr++ = SpGetUInt16 (Buf);<br/>...</p>
<p>如果用户受骗打开了畸形的图形文件的话，就可以触发这个溢出，导致拒绝服务或执行任意代码。</p>
<p><strong>厂商补丁：<br/></strong>RedHat已经为此发布了一个<a href="http://www.nohack.cn/" target="_blank">安全</a>公告（RHSA-2008:0186-01）以及相应补丁:<br/>RHSA-2008:0186-01：Critical: java-1.5.0-sun security update<br/>链接：https://www.redhat.com/support/errata/RHSA-2008-0186.html</p>
<p>Sun已经为此发布了一个<a href="http://www.nohack.cn/" target="_blank">安全</a>公告（Sun-Alert-233325）以及相应补丁:<br/>Sun-Alert-233325：Vulnerabilties in the Java Runtime Environment image Parsing Library<br/>链接：http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-66-233325-1</p><br/></div>

luqluq2003

怎么没的什么东子或者文字了~~~~可以学习下吗??