Security Vulnerability in the Simple Authentication and Security Layer (SASL) Library Bundled with the Java Enterprise System (JES) may Allow Unprivileged Users to Crash Applications Using the sasl_encode64 Function

---

Security Vulnerability in the Java Enterprise System Simple Authentication and Security Layer (SASL) library sasl_encode64 routine:

1. Impact

A buffer overflow security vulnerability in the Simple Authentication and Security Layer (SASL) library bundled with the Java Enterprise System (JES) may allow local or remote unprivileged users to crash applications which use the sasl_encode64 SASL library function.

None of the Sun Java Enterprise System (JES) products which use SASL are impacted by this issue however third-party applications that have a dynamic dependency on the SASL library bundled with JES may be affected.

This vulnerability is also described in the following documents:

CERT VU#238019 at:

• http://www.kb.cert.org/vuls/id/238019

CVE-2009-0688 at:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0688

Sun Alert 259148 at:

• http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1
  

2. Contributing Factors

This issue can occur in the following releases:

SPARC Platform

• Solaris 8 (with package SUNWsasl installed) without patch 115328-08
• Solaris 9 (with package SUNWsasl installed) without patch 115342-08
• Solaris 10 (with package SUNWsasl installed) without patch 119345-07
  

x86 Platform

• Solaris 9 (with package SUNWsasl installed) without patch 115343-08
  
• Solaris 10 (with package SUNWsasl installed) without patch 119346-07

Linux Platform:

• RHEL 3.0 (with package sun-sasl installed) without patch 141938-01
• RHEL 4.0 (with package sun-sasl installed) without patch 141939-01
• RHEL 5.0 (with package sun-sasl installed) without patch 141939-01

HP-UX Platform:

• HP-UX 11.11 and above (with package sun-sasl installed) without patch 141940-01

To determine which patch level for sun-sasl is installed, the following command may be used:

    $ /usr/sbin/swlist 141940\*

Windows Platform:

• Windows 2000, XP, 2003 and above with Java Enterprise System 2005Q4 installed and without patch 141941-01
  

Note 1: Solaris 8 on the x86 platform does not bundle the Java Enterprise System Simple Authentication and Security Layer (SASL), and therefore is not vulnerable to this issue.

Note 2: This issue only occurs on systems that have the SUNWsasl package installed. To determine if the package SUNWsasl is installed on a system, one of the following commands can be used:

Solaris Platform:

    $ /usr/bin/pkginfo -l SUNWsasl

Linux Platform:

    $ /bin/rpm -q sun-sasl

Note: Linux "sun-sasl" packages 2.19-5 and earlier are vulnerable to this issue.

HP-UX Platform:

    $ /usr/sbin/swlist sun-sasl

Windows Platform:

Java Enterprise System Simple Authentication and Security Layer (SASL) can be installed on the Windows Platform only via an installation of the Sun Java Enterprise System 5 or higher.

To determine if  Sun Java Enterprise System is installed, go to "Add or Remove Programs" from the "Control Panel" and check if "Sun Java(TM) Enterprise System 5" is listed as being currently installed.

To determine the list of JES patches installed on the system, the following command can be used:

    <JES installation directory>\utils\patch\ListJavaESPatches.exe

3. Symptoms

If the described issue occurs, the application that links to the Java Enterprise System Simple Authentication and Security Layer (SASL) library may crash, potentially leaving a core file depending on the system configuration.

4. Workaround

There is no workaround for this issue. Please see the Resolution section below.

5. Resolution

This issue is addressed in the following releases:

SPARC Platform

• Solaris 8 with patch 115328-08 or later
• Solaris 9 with patch 115342-08 or later
• Solaris 10 with patch 119345-07 or later
  

x86 Platform

• Solaris 9 with patch 115343-08 or later
• Solaris 10 with patch 119346-07 or later

Linux Platform:

• RHEL 3.0 with patch 141938-01 or later
• RHEL 4.0 with patch 141939-01 or later
• RHEL 5.0 with patch 141939-01 or later

HP-UX Platform:

• HP-UX 11.11 and above with patch 141940-01 or later
  

Windows Platform:

• Windows 2000, XP, 2003 and above with patch 141941-01 or later

For more information on Security Sun Alerts, see Technical Instruction ID 213557.

This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun Alert notification may only be used for the purposes contemplated by these agreements.

Copyright 2000-2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.




Attachments

This solution has no attachment