Available Exploits 

• Sun Java JRE getSoundbank file:// URI Buffer Overflow
• Sun Java JRE AWT setDiffICM Buffer Overflow

Description

Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.

References

• APPLE: http://docs.info.apple.com/article.html?artnum=61798
• APPLE: http://docs.info.apple.com/article.html?artnum=61798
• BID-36881
• CVE-2009-3869
• OVAL: http://oval.mitre.org/oval/definitions/data/OVAL10741.html
• OVAL: http://oval.mitre.org/oval/definitions/data/OVAL11262.html
• OVAL: http://oval.mitre.org/oval/definitions/data/OVAL7400.html
• OVAL: http://oval.mitre.org/oval/definitions/data/OVAL8566.html
• REDHAT: http://rhn.redhat.com/errata/RHSA-2009-1694.html
• SECUNIA: http://secunia.com/advisories/37231/
• SECUNIA: http://secunia.com/advisories/37239/
• SECUNIA: http://secunia.com/advisories/37386/
• SECUNIA: http://secunia.com/advisories/37581/
• SECUNIA: http://secunia.com/advisories/37841/
• SUSE: http://www.novell.com/linux/security/advisories.html
• URL: http://www.vmware.com/security/advisories/VMSA-2010-0005.html

Solution

VMware VMware ESX Server >= 3.5 and < 4.0

Apply ESX350-201003403-SG.

See the vCenter Update Manager Administration Guide for instructions on using Update Manager to download and install patches to automatically update ESX 3.5 hosts.

To update ESX 3.5 hosts without using Update Manager, download the most recent patch bundle from http://www.vmware.com/download/vi/vi3_patches_35.html and install the bundle using esxupdate from the command line of the host. For more information, see the ESX Server 3 Patch Management Guide.

Related Vulnerabilities

• Apple Java security update for CVE-2009-3865
• Apple Java security update for CVE-2009-3866
• Apple Java security update for CVE-2009-3867
• Apple Java security update for CVE-2009-3868
• Apple Java security update for CVE-2009-3869
• Apple Java security update for CVE-2009-3871
• Apple Java security update for CVE-2009-3872
• Apple Java security update for CVE-2009-3873
• Apple Java security update for CVE-2009-3874
• Apple Java security update for CVE-2009-3875
• Apple Java security update for CVE-2009-3877
• JRE Audio and Image File Buffer and Integer Overflow Vulnerabilities
• JRE Deployment Toolkit Vulnerability
• JRE DER Decoding and HTTP Header Denial of Service Vulnerability
• JRE DER Decoding Denial of Service
• JRE HMAC Digest Flaw
• JRE Java Web Start JNLP Vulnerability
• JRE Multiple Overflows
• JRE Non-English Update Flaw
• JRE Timing Attack
• JRE Untrusted Application Privilege Escalation Vulnerability
• CESA-2009:1551: java-1.4.2-ibm security update
• CESA-2009:1584: java-1.6.0-openjdk security update
• CESA-2010:0408: java-1.4.2-ibm security update
• ELSA-2009-1584 Important: Enterprise Linux 5 java-1.6.0-openjdk security update
• RHSA-2009:1551: java-1.4.2-ibm security update
• RHSA-2009:1560: java-1.6.0-sun security update
• RHSA-2009:1571: java-1.5.0-sun security update
• RHSA-2009:1584: java-1.6.0-openjdk security update
• RHSA-2009:1643: java-1.4.2-ibm security update
• RHSA-2009:1647: java-1.5.0-ibm security update
• RHSA-2009:1662: Red Hat Network Satellite Server Sun Java Runtime security update
• RHSA-2009:1694: java-1.6.0-ibm security update
• RHSA-2010:0043: Red Hat Network Satellite Server IBM Java Runtime security update
• RHSA-2010:0408: java-1.4.2-ibm security update
• SUSE Linux Security Advisory: SUSE-SA:2009:058
• USN-859-1: OpenJDK vulnerabilities
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3869)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
• VMSA-2010-0002.4: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3864)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3865)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3866)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3867)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3868)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3871)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3872)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3873)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3874)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3875)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3876)
• VMSA-2010-0005: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2009-3877)