Description
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.
Product(s):
- Sun JRE 1.4.2
- Sun JRE Update10 1.4.2
- Sun JRE Update11 1.4.2
- Sun JRE 1.4.2_12
- Sun JRE Update13 1.4.2
- Sun JRE 1.4.2_14
- Sun JRE Update15 1.4.2
- Sun JRE Update19 1.4.2
- Sun JRE 1.4.2_1
- Sun JRE 1.4.2_21
- Sun JRE Update28 1.4.2
- Sun JRE 1.4.2_2
- Sun JRE 1.4.2_4
- Sun JRE 1.4.2_5
- Sun JRE Update6 1.4.2
- Sun JRE 1.4.2_7
- Sun JRE 1.4.2_8
- Sun JRE 1.4.2_9
- Sun JRE 1.5.0
- Sun JRE 1.5.0_10 (JRE 5.0 Update 10)
- Sun JRE 1.5.0_11 (JRE 5.0 Update 11)
- Sun JRE 1.5.0_12 (JRE 5.0 Update 12)
- Sun JRE 1.5.0_13 (JRE 5.0 Update 13)
- Sun JRE 1.5.0_14 (JRE 5.0 Update 14)
- Sun JRE 1.5.0_15 (JRE 5.0 Update 15)
- Sun JRE 1.5.0_16 (JRE 5.0 Update 16)
- Sun JRE 1.5.0_17 (JRE 5.0 Update 17)
- Sun JRE 1.5.0_18 (JRE 5.0 Update 18)
- Sun JRE 1.5.0_19 (JRE 5.0 Update 19)
- Sun JRE 1.5.0_1 (JRE 5.0 Update 1)
- Sun JRE 1.5.0_20 (JRE 5.0 Update 20)
- Sun JRE 1.5.0_21 (JRE 5.0 Update 21)
- Sun JRE 1.5.0_22 (JRE 5.0 Update 22)
- Sun JRE 1.5.0_23 (JRE 5.0 Update 23)
- Sun JRE 1.5.0_24 (JRE 5.0 Update 24)
- Sun JRE 1.5.0_25 (JRE 5.0 Update 25)
- Sun JRE 1.5.0_26 (JRE 5.0 Update 26)
- Sun JRE 1.5.0_27 (JRE 5.0 Update 27)
- Sun JRE 1.5.0_28 (JRE 5.0 Update 28)
- Sun JRE 1.5.0_29 (JRE 5.0 Update 29)
- Sun JRE 1.5.0_2 (JRE 5.0 Update 2)
- Sun JRE 1.5.0_31 (JRE 5.0 Update 31)
- Sun JRE 1.5.0_33 (JRE 5.0 Update 33)
- Sun JRE 1.5.0_3 (JRE 5.0 Update 3)
- Sun JRE 1.5.0_4 (JRE 5.0 Update 4)
- Sun JRE 1.5.0_5 (JRE 5.0 Update 5)
- Sun JRE 1.5.0_6 (JRE 5.0 Update 6)
- Sun JRE 1.5.0_7 (JRE 5.0 Update 7)
- Sun JRE 1.5.0_8 (JRE 5.0 Update 8)
- Sun JRE 1.5.0_9 (JRE 5.0 Update 9)
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-1503, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-1503 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.