TITLE:
Sun Java JRE Deserialization Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA17478

VERIFY ADVISORY:
http://secunia.com/advisories/17478/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
>From remote

SOFTWARE:
Sun Java JRE 1.5.x / 5.x
http://secunia.com/product/4228/
Sun Java JRE 1.4.x
http://secunia.com/product/784/
Sun Java JRE 1.3.x
http://secunia.com/product/87/
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Sun Java SDK 1.3.x
http://secunia.com/product/1660/
Sun Java SDK 1.4.x
http://secunia.com/product/1661/

DESCRIPTION:
Marc Schoenefeld has reported a vulnerability in Sun Java Runtime
Environment (JRE), which can be exploited by malicious people to
cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the
handling of serialized Java objects. This can be exploited to crash
the Java Virtual Machine (JVM) via an application deserializing
objects from untrusted sources.

The vulnerability has been reported in versions 1.4.2_08, 1.4.2_09,
and 1.5.0_05. Prior versions may also be affected.

SOLUTION:
The vulnerability will reportedly be fixed by the vendor in upcoming
releases for 1.3.x, 1.4.x, and 1.5.x.

Restrict applications from deserializing objects from untrusted
sources.

PROVIDED AND/OR DISCOVERED BY:
Marc Schoenefeld

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------