United States | English [Change]
Welcome, Guest

Nortel response to Sun Java JDK / JRE Multiple Vulnerabilities

Description: http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1 Sun Microsystems has recently issued fixes for multiple vulnerabilities in Sun Java. Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected. This bulletin addresses the following potential vulnerabilites: 1) Two unspecified errors in the Java Runtime Environment Virtual Machine can be exploited by a malicious, untrusted applet to read and write local files and execute local applications. 2) An unspecified error in the Java Runtime Environment (JRE) when processing XSLT transformations can be exploited by untrusted applets or applications to e.g. read certain URL resources or potentially execute arbitrary code. 3) A boundary error exists in the "useEncodingDecl()" function when parsing the xml header character encoding attribute. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing an overly long charset name in the xml header. 4) A boundary error exists in the "useEncodingDecl()" function when processing xml-based JNLP files for UTF8 characters. This can be exploited to cause a stack-based buffer overflow and execute arbitrary code via a specially crafted JNLP file containing overly long key name in the xml header. 5) A boundary error exist in Java Web Start, which can be exploited e.g. by an untrusted Java Web Start application to read and w
Type: Security Advisories
Number: 2008008808, Rev 1
Status: Retired
Date: 2008-05-07


Bulletin Downloads
Title Extension File Size Language
    Nortel response to Sun Java JDK / JRE Multiple Vulnerabilities
Checksum: 1e645b29883d8548e8b5dd82c7ae9a1d  [MD5]		 [pdf] 29816 bytes English  




Associated Products
Application Server 5200
BroadBand STP
Bulletin temp product
CDMA Network Manager
CDMA Networks
CDMA SuperNode Data Manager
Circuit Switching
Communication Control Toolkit
Communication Server 1000 Telephony Manager
Communication Server 2000
Communication Server 2000 Core Manager
Communication Server 2000 Session Server Trunks
Communication Server 2000-Compact
Communication Server 2100
Contact Center - Multimedia
Contact Center Portfolio
DMS-100 SSP
DMS-100/200 Local Switching Systems
DMS-250
DMS-500
DMS-Global Services Platform
DMS-STP
DMS-STP/SSP IntegratedNode (INode)
Enterprise Network Management System
Extended Peripheral Module (XPM)
GSM Networks
GSM-UMTS Home Location Register
GSM-UMTS Mobile Switching Center Server
GSM-UMTS SuperNode Data Manager
INM Networks
  
Integrated Access - Cable
Integrated Element Management System (IEMS)
Media Gateway 9000
Media Processing Server (MPS) 1000
Media Processing Server (MPS) 500
Meridian SL-100
Multi-Wavelength Optical Repeater (MOR/MOR Plus)
Multimedia Communication Server 5100
Multiservice Data Manager (MDM)
OPTera Long Haul 4000 Optical Line System
OPTera Long Haul Optical Amplifier Shelf
Optical Network Manager
Optical Network Manager Trail Manager
Optivity Telephony Manager for SL-100
Packet Transit - AAL2
Packet Transit - IP
Packet Trunking - AAL1
Periphonics Speech Platform
Preside Management for Metro Optical Networks
Self-Service Portfolio
Services Edge Router 5500
Spectrum Peripheral Module (SPM)
Speech and Self-Service
SuperNode Data Manager
UMTS Networks
Universal Access - AAL1
Universal Access - IP
VoIP Infrastructure Solutions
Wireless Network Management System (W-NMS)
XA-Core