Sun Java虚拟机段非法访问漏洞-安全小百科

Sun Java虚拟机段非法访问漏洞

漏洞ID	1106597	漏洞类型	其他
发布时间	2002-01-30	更新时间	2005-10-20
CVE编号	CVE-2002-2072	CNNVD-ID	CNNVD-200212-282
漏洞平台	Linux	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/21259
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-282

|漏洞详情

Java程序运行于Java虚拟机(JVM)的解释环境。Sun提供了多种平台下的JVM，包括Solaris，Windows，Linux。一个恶意结构的Java程序可以使SunJVM崩溃，因此导致共享环境拒绝服务。SunJVM的Linux发行版本已经证实存在这个漏洞。

|漏洞EXP

source: http://www.securityfocus.com/bid/3992/info

Java programs run in an intepreted environment, the Java Virtual Machine (JVM). Sun has provided a reference JVM implementation for multiple platforms, including Solaris, Windows and Linux.

It is possible for a maliciously constructed, valid java program to crash the Sun JVM. This may result in a denial of service attack in a shared environment. The ability to consistantly exploit this vulnerability has been demonstrated on the Linux version of the Sun JVM.

public class CrashMe
{
    public static void main(String[] args)
    {
        java.security.AccessController.doPrivileged
        ((java.security.PrivilegedAction)null);
    }
}

|参考资料

来源:BID
名称:3992
链接:http://www.securityfocus.com/bid/3992
来源:XF
名称:sun-jre-jvm-dos(8042)
链接:http://www.iss.net/security_center/static/8042.php
来源:SECTRACK
名称:1003418
链接:http://securitytracker.com/id?1003418
来源：NSFOCUS
名称：2253
链接：http://www.nsfocus.net/vulndb/2253

相关推荐: xml_elem.c for XMLStarlet Command Line XML Toolkit xml_elem.c格式串漏洞

xml_elem.c for XMLStarlet Command Line XML Toolkit xml_elem.c格式串漏洞漏洞ID 1200761 漏洞类型格式化字符串发布时间 2004-12-31 更新时间 2004-12-31 CVE编号 …

文章版权归作者所有，未经允许请勿转载。

THE END