Digital Edition

SYS-CON.TV
Sun JRE Vulnerable to DoS Exploit, Reports Secunia
Sun JRE Vulnerable to DoS Exploit, Reports Secunia

A vulnerability has been confirmed in version 1.4.2_06 of Sun's JRE, and other versions may also be affected. Successful exploitation can potentially cause a DoS in the affected application.

Kurt Huwig reported it to Secunia, since such a vulnerability can potentially be exploited by malicious people to cause a DoS (Denial of Service) attack.

The vulnerability is caused due to an error in "com/sun/jndi/dns/DnsClient.java", which causes an internal counter to be negative after 32768 DNS requests. This can be exploited by triggering a large amount of DNS requests to cause an application, which performs DNS lookups, to get an DNS error thrown whenever a DNS request is done.

The solution, says Secunia, is to catch the DNS error thrown and use a new "InitialDirContext()" object.

About Security News Desk
SYS-CON's Security News desk trawls the world of security for news of software, hardware, products, and services that seems likely to be of interest to infosec professionals and summarizes them for easy assimilation by busy IT managers and staff.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

Presumably Sun will soon provide a vendor patch for this.




ADS BY GOOGLE
Subscribe to the World's Most Powerful Newsletters

ADS BY GOOGLE

The explosion of new web/cloud/IoT-based applications and the data they generate are transforming ou...
CI/CD is conceptually straightforward, yet often technically intricate to implement since it require...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple ...
Enterprises are striving to become digital businesses for differentiated innovation and customer-cen...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As au...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't com...
The now mainstream platform changes stemming from the first Internet boom brought many changes but d...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, wi...
DXWorldEXPO LLC announced today that Ed Featherston has been named the "Tech Chair" of "FinTechEXPO ...
Chris Matthieu is the President & CEO of Computes, inc. He brings 30 years of experience in developm...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: D...
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with e...
In this presentation, you will learn first hand what works and what doesn't while architecting and d...
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitori...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use ...
If your cloud deployment is on AWS with predictable workloads, Reserved Instances (RIs) can provide ...
Disruption, Innovation, Artificial Intelligence and Machine Learning, Leadership and Management hear...
We build IoT infrastructure products - when you have to integrate different devices, different syste...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling ...