Flash (Alert)
Abstract
A problem in the way that Java handles a specific numerical conversion could be exploited by a malicious user and cause an affected server to hang. IBM Tivoli Monitoring (ITM) software products rely on the Java Runtime Environment (JRE). We recommend administrators apply the appropriate fixes to prevent this exposure.
Content
Description:
This Flash addresses a critical issue, CVE-2010-4476 (Java Runtime Environment hangs when converting "2.2250738585072012e-308" to a binary floating-point number). This vulnerability can cause the JRE to hang or crash, resulting in a denial-of-service exposure.
IBM Tivoli Monitoring Versions Affected:
The JREs shipped with IBM Tivoli Monitoring Versions 6.1.0 through 6.2.2 Fix Pack 3, for Distributed platforms.
| IBM Tivoli Monitoring Version | Operating Systems | Included JRE Version | JRE Install Path(s) |
|---|---|---|---|
| 610 up to latest available maintenance release 610 Fix Pack 7 Interim Fix 6 | AIX, HP-UX, Linux, Solaris, Windows | 1.4.x | $CANDLEHOME (Unix/Linux) %ProgramFiles% (Win 32) %ProgramFiles(x86)% (Win 64) |
| 620 up to latest available maintenance release 620 Fix Pack 3 Interim Fix 3 | AIX, HP-UX, Linux, Solaris, Windows | 1.5.x | $CANDLEHOME (Unix/Linux/Win) %ProgramFiles% (Win 32) %ProgramFiles(x86)% (Win 64) |
| 621 to latest available maintenance release 621 Fix Pack 4 | AIX, HP-UX, Linux, Solaris, Windows | 1.5.x | $CANDLEHOME (Unix/Linux/Win) %ProgramFiles% (Win 32) %ProgramFiles(x86)% (Win 64) |
| 622 to latest available maintenance release 622 Fix Pack 3 | AIX, HP-UX, Linux, Solaris, Windows | 1.5.x | $CANDLEHOME (Unix/Linux/Win) %ProgramFiles% (Win 32) %ProgramFiles(x86)% (Win 64) |
This issue will not apply to the JRE versions included in future IBM Tivoli Monitoring Fix Packs later than those listed in the table above.
Solution:
The following link provides information about the patch files for all JREs included in the various versions of IBM Tivoli Monitoring:
http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html
We are working on procedures for updating existing ITM installations. Please revisit this technote frequently as we will update it when new information becomes available.
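As an added example (not IBM tooling and not part of the original flash), the following POSIX shell functions inventory the JREs under an ITM install root such as $CANDLEHOME on Unix/Linux and mark the 1.4.x and 1.5.x lines from the table for review against the patch page. The function names and the stub fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list JREs under an ITM install root and flag the JRE lines
# (1.4.x, 1.5.x) that the table shows as shipped with the affected releases.

# Print the version from the first line of `java -version`
# (written to stderr, e.g. `java version "1.5.0"`).
jre_version() {
    "$1" -version 2>&1 | sed -n '1s/.*version "\([^"]*\)".*/\1/p'
}

# Classify a version string against the table's "Included JRE Version" column.
classify_jre() {
    case "$1" in
        1.4|1.4.*|1.5|1.5.*) echo "REVIEW" ;;   # JRE line listed in the table
        "")                  echo "UNKNOWN" ;;  # binary reported no version
        *)                   echo "OTHER" ;;    # not listed; the table says nothing about it
    esac
}

# Walk an install root and print "<status> <version> <path>" per java binary.
scan_jres() {
    root=$1
    find "$root" -type f -name java 2>/dev/null |
    while IFS= read -r bin; do
        [ -x "$bin" ] || continue
        ver=$(jre_version "$bin")
        printf '%s %s %s\n' "$(classify_jre "$ver")" "${ver:--}" "$bin"
    done
}

# Constructed fixture: stub "java" scripts that mimic the -version banner,
# so the functions can be exercised on a host without ITM installed.
make_demo_tree() {
    d=$(mktemp -d)
    for v in 1.5.0 1.6.0; do
        mkdir -p "$d/JRE/$v/bin"
        printf '#!/bin/sh\necho "java version \\"%s\\"" >&2\n' "$v" > "$d/JRE/$v/bin/java"
        chmod +x "$d/JRE/$v/bin/java"
    done
    echo "$d"
}

# On a real host: scan_jres "$CANDLEHOME"
```

A REVIEW line only means the JRE belongs to a version line named in the table; whether that JRE already carries the fix has to be checked against the patch information at the link above.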