IBM Support

Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)

Created by Donald Nong on
Published URL:
https://www.ibm.com/support/pages/node/151745

Security Bulletin


Summary

[Simplified Chinese] This security alert informs you that a Java denial of service (DoS) vulnerability causes the Java Runtime Environment (JRE) and Java Development Kit (JDK) to hang. It applies to all IBM Rational products that ship or bundle a Java instance.

Vulnerability Details

This security alert addresses the security issue CVE-2010-4476.

This vulnerability causes the Java Runtime Environment to hang, enter an infinite loop, or even crash, resulting in a denial of service. The same hang also occurs when the number is written without scientific notation (as a decimal with 324 decimal places). Application servers are exposed to attack, and so is any Java program that calls the Double.parseDouble method, including any user-written or third-party application.

(The Java Runtime Environment hangs while converting "2.2250738585072012e-308" to a binary floating-point number.)

This issue affects all Java versions on all IBM-supported platforms.

If your IBM Rational product uses WebSphere Application Server (for example the IBM Rational Change Management (CM) Server used by IBM Rational ClearCase, IBM Rational Application Developer, and so on), refer to the WebSphere-specific guidance to resolve this issue:
http://www-01.ibm.com/support/docview.wss?uid=swg21462019

If you need to upgrade WebSphere Application Server or apply the latest fixes, refer to the following technote:

Technote 1390803 How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1

Other application servers may also have fixed this issue; for example Apache Tomcat (used by older Rational products) has released a Tomcat patch specifically for it.

For other non-IBM Java instances or application servers, contact the relevant vendor directly.



Resolving the problem

Many IBM Rational products that use Java technology may ship or install one or more versions of Java on the system.

IBM provides an update tool that identifies potentially vulnerable IBM Java instances on the system and, where necessary, installs the fix (you need to download the fix that matches the Java major version (for example 1.4.x, 1.5, 1.6) and the platform). Refer to the fix download.

IBM also provides a test case tool that checks whether the IBM-supplied Java is affected by this issue (or whether it has already been patched).

The test case is an executable JAR file and is run from the command line as follows:

java -jar ParseDoubleTest.jar

If the vulnerability has not been fixed, the test fails:

> java -jar ParseDoubleTest.jar
Test failed

If the vulnerability has been fixed, the test succeeds:

> java -jar ParseDoubleTest.jar
Test succeeded
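As an added example (not IBM's ParseDoubleTest.jar and not code from this bulletin), the following Java program performs the same kind of self-check on the JVM that runs it. It parses the value quoted in the Vulnerability Details section, both in scientific notation and written out in full with 324 decimal places, on a daemon thread with a time limit, and prints "Test succeeded" or "Test failed" in the same spirit as the IBM tool. The class name, the 5-second budget and the use of a daemon thread are assumptions of this example; the syntax is kept compatible with Java 1.5 because that is the oldest release the bulletin covers.

```java
import java.math.BigDecimal;
import java.util.concurrent.atomic.AtomicBoolean;

/**
 * Self-check for CVE-2010-4476 on the JVM that runs it (added example, not
 * IBM's ParseDoubleTest.jar). On an unpatched JRE, Double.parseDouble never
 * returns for the inputs below, so each parse runs on a daemon thread with a
 * time budget; the main thread reports the result and exits either way.
 */
public class ParseDoubleSelfCheck {

    /** The value quoted in the bulletin, in scientific notation. */
    static final String SCI = "2.2250738585072012e-308";

    /**
     * The same value written out without an exponent: "0." followed by 307
     * zeros and the 17 significant digits, i.e. 324 decimal places, which the
     * bulletin says triggers the same hang.
     */
    static final String PLAIN = new BigDecimal(SCI).toPlainString();

    /** Returns true if Double.parseDouble(input) completes within timeoutMillis. */
    static boolean parsesWithin(final String input, long timeoutMillis)
            throws InterruptedException {
        final AtomicBoolean done = new AtomicBoolean(false);
        Thread worker = new Thread(new Runnable() {
            public void run() {
                Double.parseDouble(input);   // hangs on a vulnerable JRE
                done.set(true);
            }
        });
        worker.setDaemon(true);              // a stuck parse must not keep the JVM alive
        worker.start();
        worker.join(timeoutMillis);          // wait at most timeoutMillis
        return done.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // Assumed budget: 5 seconds per input is far beyond any honest parse.
        boolean ok = parsesWithin(SCI, 5000) && parsesWithin(PLAIN, 5000);
        System.out.println(ok ? "Test succeeded" : "Test failed");
        System.exit(ok ? 0 : 1);
    }
}
```

Compile and run it with the java binary of the instance you want to verify, exactly as the bulletin does for ParseDoubleTest.jar (for example `C:\Progra~1\IBM\SDP\jdk\bin\java ParseDoubleSelfCheck`); the exit code is non-zero when the parse does not complete, which makes the check easy to script across many installations. Because a fixed JRE does not change its `java -version` string in every case (see example 4 below), a behavioural check like this one is the reliable way to confirm that the fix is in effect.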

Examples:

  1. Use the update tool to "discover" candidate Java instances

    > java -jar JavaUpdateInstaller.jar -discover all

    This searches the entire disk for all IBM Java instances.

  2. Apply the fix on Software Delivery Platform products

    (for example IBM Rational Functional Tester and IBM Rational Software Architect)

    Check the Java version before applying the fix:

    C:\Progra~1\IBM\SDP\jdk\bin\java -version
    java version "1.6.0"
    Java(TM) SE Runtime Environment (build pwi3260sr8-20100409_01(SR8))
    IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows XP x86-32 jvmwi3260sr8-20100401_55940 (JIT enabled, AOT enabled)
    J9VM - 20100401_055940
    JIT - r9_20100401_15339
    GC - 20100308_AA)
    JCL - 20100408_01


    Run the update tool on Microsoft Windows:

    C:\UpdateInstallerforJava>java -jar JavaUpdateInstaller.jar -install c:\IZ94423_FIX_1.jar C:\Progra~1\IBM\SDP\jdk

    Installs the specified update to the SDK if applicable.
    -------------------------------------------------------------------------
    Installing the update IZ94423_FIX_1 to the SDK: C:\Progra~1\IBM\SDP\jdk ...
    IZ94423_FIX_1 has been successfully installed to SDK C:\Progra~1\IBM\SDP\jdk


    Confirm the Java version:

    C:\Progra~1\IBM\SDP\jdk\bin\java -version
    java version "1.6.0"
    Java(TM) SE Runtime Environment (build pwi3260sr8-20100409_01(SR8) + IZ94423_FIX_1)
    IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows XP x86-32 jvmwi3260sr8-20100401_55940 (JIT enabled, AOT enabled)
    J9VM - 20100401_055940
    JIT - r9_20100401_15339
    GC - 20100308_AA)
    JCL - 20100408_01


  3. If you try to install the fix for the wrong version, the update tool tells you:

    C:\UpdateInstallerforJava>java -jar JavaUpdateInstaller.jar -install c:\IZ94423_FIX_1.jar C:\java

    Installs the specified update to the SDK if applicable.
    -------------------------------------------------------------------------
    Update IZ94423_FIX_1 is not applicable to SDK - C:\java. Update IZ94423_FIX_1
    can be installed to JDK with version(s)

    1) 1.6.0


  4. Update the Java used by IBM Rational ClearCase/ClearQuest client components (for example ClearCase Remote Client, ClearQuest client and ClearQuest Designer):

    Update: Refer to technote 1511965 Applying IZ94423 to address CVE-2010-4476 in ClearCase and ClearQuest for updated resolution details.

    C:\Program Files (x86)\IBM\RationalSDLC\common\JAVA5.0\jre\bin>.\java -version

    java version "1.5.0"
    Java(TM) 2 Runtime Environment, Standard Edition (build pwi32devifx-20100511b (SR11 FP2 ))
    IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows Server 2003 x86-32 j9vmwi3223ifx-20100511 (JIT enabled)
    J9VM - 20100509_57823_lHdSMr
    JIT - 20091016_1845ifx7_r8
    GC - 20091026_AA)
    JCL - 20100511a

    C:\Program Files (x86)\IBM\RationalSDLC\common\JAVA5.0\jre\bin>.\java -jar ParseDoubleTest.jar
    Test failed

    C:\UpdateInstallerforJava>java -jar JavaUpdateInstaller.jar -install c:\IZ94331_FIX_1.jar "C:\Program Files (x86)\IBM\RationalSDLC\Common\JAVA5.0"
    Installs the specified update to the SDK if applicable.
    -------------------------------------------------------------------------
    Installing the update IZ94331_FIX_1 to the SDK: C:\Program Files (x86)\IBM\RationalSDLC\Common\JAVA5.0 ...

    IZ94331_FIX_1 has been successfully installed to SDK C:\Program Files (x86)\IBM\RationalSDLC\Common\JAVA5.0
    -------------------------------------------------------------------------

    C:\Program Files (x86)\IBM\RationalSDLC\common\JAVA5.0\jre\bin>.\java -version
    java version "1.5.0"
    Java(TM) 2 Runtime Environment, Standard Edition (build pwi32devifx-20100511b (SR11 FP2 ))
    IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Windows Server 2003 x86-32 j9vmwi3223ifx-20100511 (JIT enabled)
    J9VM - 20100509_57823_lHdSMr
    JIT - 20091016_1845ifx7_r8
    GC - 20091026_AA)
    JCL - 20100511a


    The fix installs successfully, but the Java version string does not change. ParseDoubleTest can be used to check whether the Java instance is still vulnerable:

    C:\Program Files (x86)\IBM\RationalSDLC\common\JAVA5.0\jre\bin>.\java -jar ParseDoubleTest.jar
    Test succeeded


Contact IBM Rational Customer Support for more information.


Latest status


IBM Rational is investigating this issue with the highest priority and will provide the corresponding fixes.

This security alert will be updated as new information becomes available.

Change history
9 September 2011: Added revision notes regarding ClearCase and ClearQuest



*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Internal Use Only

Title: Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476) Database 'DCF Technotes (Rational)', View 'Products', Document 'Denial of Service Security Exposure with Java causes JRE/JDK hang (CVE-2010-4476)'
IMPORTANT: This technote should not be modified unless the English version has been updated first. Click the doc link above and submit an update to the English technote.


The English technote equivalent to this one has been updated as noted below.
Please review the content and update the translated version as required.
When complete, send the translated technote to be published.

Added the following update to example #4,

Update: Refer to technote 1509635 Applying IZ94423 to address CVE-2010-4476 in ClearCase and ClearQuest for updated resolution details.

Also changed the doc type from "Alert" to "preventative service planning" and added a history table at the bottom of the document.


Product Synonym

Rational Team Concert;Rational Method Composer

Document Information

Modified date:
10 September 2020

UID

swg21469939