Bug 674336 - (CVE-2010-4476) CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
medium Severity medium
Assigned To: Red Hat Product Security
source=internet,public=20110201,repor...
Depends On: 674599 674601 674918 674919 674921 674922 676010 676011 676275 676277 676294 676295 676694 676695 676696 678534 678535 678536 678539 678540 678541 678545 678546 679532 679533 679535 802293
Blocks: 712887
Reported: 2011-02-01 09:38 EST by Marc Schoenefeld
Modified: 2012-03-12 05:33 EDT
Last Closed: 2011-06-08 10:44:25 EDT
External Trackers:
  Tracker: JBoss Issue Tracker
  ID: JBPAPP-5849
  Priority: Blocker
  Status: Resolved
  Summary: CVE-2010-4476 JBossweb update fixing JDK double bug
  Last Updated: 2014-01-24 04:39:21 EST

Description Marc Schoenefeld 2011-02-01 09:38:00 EST
The post on http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/ describes a (on first sight) trivial DoS 
when parsing strings into Java Double objects. However that code could likely occur in serialization routines, http header parsing and impair 
server availability. 

Runtime (java app hang):

class runhang {
    public static void main(String[] args) {
        System.out.println("Test:");
        // On an affected JDK this call never returns.
        double d = Double.parseDouble("2.2250738585072012e-308");
        System.out.println("Value: " + d);
    }
}

DevTime (javac hang):

class compilehang {
    public static void main(String[] args) {
        // On an affected JDK, javac hangs while compiling this literal.
        double d = 2.2250738585072012e-308;
        System.out.println("Value: " + d);
    }
}
Comment 12 Andrew John Hughes 2011-02-02 08:39:41 EST
There is no bug in ecj.  Running the native gcj version works fine.

$ ecj CompileHang.java 
$ gij CompileHang
Value: 2.225073858507201E-308

It's only broken when running on the broken JDK libraries.
Comment 16 Andrew Haley 2011-02-02 11:22:03 EST
Patch is now public:

http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
Comment 17 Andrew John Hughes 2011-02-02 11:30:54 EST
Assuming the discussion goes well, can you make sure this gets into the IcedTea6 branches (1.7, 1.8, 1.9) prior to the SSR on the 15th of February to ensure a timely release?

Thanks.
Comment 22 Jean-frederic Clere 2011-02-04 02:23:42 EST
Note that the work-around I commented has a typo; it should be:
+++
RewriteEngine On
RewriteCond %{HTTP:Accept-Language}  [0-9]{4,}
RewriteRule .+   -   [G]
+++
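
An application-side counterpart to the rewrite rule in comment 22, as an added example that is not code from this bug, from Tomcat or from httpd: it checks each Accept-Language q-value against the RFC 2616 qvalue grammar before the string reaches Double.parseDouble. The class name, method names and sample headers are constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example (assumed names, constructed inputs): strict q-value validation
// so that over-long digit strings are never handed to Double.parseDouble.
public class QValueGuard {
    // RFC 2616 section 3.9: qvalue = ( "0" [ "." 0*3DIGIT ] ) | ( "1" [ "." 0*3("0") ] )
    private static final Pattern QVALUE =
            Pattern.compile("0(\\.[0-9]{0,3})?|1(\\.0{0,3})?");
    // Same test as the RewriteCond in comment 22: a run of four or more digits.
    private static final Pattern DIGIT_RUN = Pattern.compile("[0-9]{4,}");

    /** True if the rewrite rule from comment 22 would answer this header with 410 Gone. */
    static boolean rewriteRuleBlocks(String acceptLanguage) {
        return DIGIT_RUN.matcher(acceptLanguage).find();
    }

    /** Returns the quality of one language range, or -1 if its q parameter is malformed. */
    static double quality(String languageRange) {
        int semi = languageRange.indexOf(';');
        if (semi < 0) {
            return 1.0;                       // no q parameter: default quality
        }
        String param = languageRange.substring(semi + 1).trim();
        if (!param.startsWith("q=")) {
            return -1;
        }
        String q = param.substring(2).trim();
        if (!QVALUE.matcher(q).matches()) {   // whole-string match, at most 5 characters
            return -1;                        // rejected without calling parseDouble
        }
        return Double.parseDouble(q);         // only sees 0, 0.ddd, 1 or 1.000 forms
    }

    public static void main(String[] args) {
        // Constructed sample headers; the last value is the string from the description.
        String[] headers = {
            "en-US,en;q=0.8,de;q=0.5",
            "en;q=1.000",
            "en;q=0.12345",
            "en;q=2.2250738585072012e-308",
        };
        for (String header : headers) {
            System.out.println(header + "  (rewrite rule blocks: " + rewriteRuleBlocks(header) + ")");
            for (String range : header.split(",")) {
                System.out.println("  " + range.trim() + " -> " + quality(range.trim()));
            }
        }
    }
}
```

The grammar check is narrower than the rewrite rule: it also rejects exponent forms and values above 1, while the rule only looks for four consecutive digits anywhere in the header.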
Comment 24 Marc Schoenefeld 2011-02-07 07:14:06 EST
The work-around is in Tomcat 6.0.32 and 7.0.8 and will be in 5.5.33, and has been worked around in the following commits:
http://svn.apache.org/viewvc?rev=1066244&view=rev 7.0.x
http://svn.apache.org/viewvc?rev=1066315&view=rev 6.0.x
http://svn.apache.org/viewvc?rev=1066318&view=rev 5.5.x
Comment 25 Vincent Danen 2011-02-07 11:54:10 EST
*** Bug 675347 has been marked as a duplicate of this bug. ***
Comment 29 Jean-frederic Clere 2011-02-09 02:53:08 EST
Oracle have fixed it:

http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Comment 32 Gerrit Slomma 2011-02-09 06:39:29 EST
Would this be addressed for the java-1.6.0-sun in the supplementary-repo too?
And when does 1.6.0_23 get released?
Comment 35 errata-xmlrpc 2011-02-10 14:31:04 EST
This issue has been addressed in following products:

  JBEAP 4.3.0 for RHEL 4
  JBEAP 4.3.0 for RHEL 5
  JBEAP 4.2.0 for RHEL 4
  JBEAP 4.2.0 for RHEL 5
  JBEAP 5 for RHEL 4
  JBEAP 5 for RHEL 5

Via RHSA-2011:0210 https://rhn.redhat.com/errata/RHSA-2011-0210.html
Comment 36 errata-xmlrpc 2011-02-10 14:36:30 EST
This issue has been addressed in following products:

  JBEWP 5 for RHEL 4
  JBEWP 5 for RHEL 5

Via RHSA-2011:0211 https://rhn.redhat.com/errata/RHSA-2011-0211.html
Comment 37 errata-xmlrpc 2011-02-10 14:41:44 EST
This issue has been addressed in following products:

  JBEAP 4.2.0
  JBEAP 4.3.0
  JBEAP 5

Via RHSA-2011:0212 https://rhn.redhat.com/errata/RHSA-2011-0212.html
Comment 38 errata-xmlrpc 2011-02-10 14:46:55 EST
This issue has been addressed in following products:

  JBEWP 5

Via RHSA-2011:0213 https://rhn.redhat.com/errata/RHSA-2011-0213.html
Comment 40 errata-xmlrpc 2011-02-10 19:48:18 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2011:0214 https://rhn.redhat.com/errata/RHSA-2011-0214.html
Comment 41 Schlomo Schapiro 2011-02-15 08:57:51 EST
(In reply to comment #32)
> Would this be addressed for the java-1.6.0-sun in the supplementary-repo too?
> And when does 1.6.0_23 get released?

I am also interested in this info, as well when will the 1.6.0_24 update be released? This update will also fix the parseDouble bug and be released shortly by Oracle.
Comment 42 Marc Schoenefeld 2011-02-15 09:11:58 EST
Oracle announced [1] that CVE-2010-4476 in Sun JDK will be fixed with next Critical Patch Update, scheduled for release on Feb 15th [2]. JDK 6u24 will then be made available in Red Hat Enterprise Linux 4 Extras and 5 and 6 Supplementary shortly after this release.

[1] http://www.oracle.com/technetwork/java/javase/fpupdater-tool-readme-305936.html
[2] http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Comment 43 errata-xmlrpc 2011-02-17 13:14:43 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
  Extras for RHEL 4

Via RHSA-2011:0282 https://rhn.redhat.com/errata/RHSA-2011-0282.html
Comment 47 errata-xmlrpc 2011-02-22 12:22:22 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:0292 https://rhn.redhat.com/errata/RHSA-2011-0292.html
Comment 48 errata-xmlrpc 2011-02-22 12:22:47 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6
  Extras for RHEL 4

Via RHSA-2011:0291 https://rhn.redhat.com/errata/RHSA-2011-0291.html
Comment 49 errata-xmlrpc 2011-02-22 12:28:09 EST
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5
  Extras for RHEL 4

Via RHSA-2011:0290 https://rhn.redhat.com/errata/RHSA-2011-0290.html
Comment 52 errata-xmlrpc 2011-02-23 13:41:11 EST
This issue has been addressed in following products:

  RHEL 4 for SAP
  RHEL 5 for SAP
  RHEL 6 for SAP

Via RHSA-2011:0299 https://rhn.redhat.com/errata/RHSA-2011-0299.html
Comment 53 errata-xmlrpc 2011-03-09 13:41:00 EST
This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 4.3.CP04 and 5.0.2

Via RHSA-2011:0333 https://rhn.redhat.com/errata/RHSA-2011-0333.html
Comment 54 errata-xmlrpc 2011-03-09 13:46:22 EST
This issue has been addressed in following products:

  JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.0

Via RHSA-2011:0334 https://rhn.redhat.com/errata/RHSA-2011-0334.html
Comment 55 errata-xmlrpc 2011-03-09 15:52:35 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0335 https://rhn.redhat.com/errata/RHSA-2011-0335.html
Comment 56 errata-xmlrpc 2011-03-09 16:08:06 EST
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2011:0336 https://rhn.redhat.com/errata/RHSA-2011-0336.html
Comment 57 errata-xmlrpc 2011-03-10 19:38:39 EST
This issue has been addressed in following products:

  JBEWS 1.0 for RHEL 4
  JBEWS 1.0 for RHEL 5

Via RHSA-2011:0348 https://rhn.redhat.com/errata/RHSA-2011-0348.html
Comment 58 errata-xmlrpc 2011-03-10 19:59:00 EST
This issue has been addressed in following products:

  JBEWS 1.0 for RHEL 5
  JBEWS 1.0 for RHEL 4

Via RHSA-2011:0349 https://rhn.redhat.com/errata/RHSA-2011-0349.html
Comment 59 errata-xmlrpc 2011-03-10 20:09:30 EST
This issue has been addressed in following products:

  JBoss Enterprise Web Server 1.0

Via RHSA-2011:0350 https://rhn.redhat.com/errata/RHSA-2011-0350.html
Comment 61 errata-xmlrpc 2011-06-16 15:24:31 EDT
This issue has been addressed in following products:

  Red Hat Network Satellite Server v 5.4

Via RHSA-2011:0880 https://rhn.redhat.com/errata/RHSA-2011-0880.html
