Oracle Java Flaws Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1028019 |
SecurityTracker URL: http://securitytracker.com/id/1028019
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Updated: Jan 19 2013
|
Original Entry Date: Jan 19 2013
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 7 Update 11; possibly prior versions
|
Description:
Two vulnerabilities were reported in Oracle Java. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
The vendor was notified on January 18, 2013.
On version Java 7 Update 11, user confirmation is required in order for unsigned or self-signed Java applets to run.
Adam Gowdiak of Security Explorations reported these vulnerabilities.
|
Impact:
A remote user can create Java content that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.java.com/ (Links to External Site)
|
Cause:
Not specified
|
Underlying OS: Linux (Any), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
|
Hello All,
This post might be interesting for those concerned about the
state of Oracle's Java SE security.
We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).
MBeanInstantiator bug (or rather a lack of a fix for it [2][3])
turned out to be quite inspirational for us. However, instead
of relying on this particular bug, we have decided to dig our
own issues. As a result, two new security vulnerabilities (51
and 52) were spotted in a recent version of Java SE 7 code and
they were reported to Oracle today [4] (along with a working
Proof of Concept code).
Thank you.
Best Regards
Adam Gowdiak
---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------
References:
References:
[1] Oracle Security Alert for CVE-2013-0422
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
[2] Java 7 Update 11 Addresses the Flaw Partly Fixed in October 2012,
Experts Say
http://news.softpedia.com/news/Java-7-Update-11-Addresses-the-Flaw-Partly-Fixed-in-October-2012-Experts-Say-320792.shtml
[3] Confirmed: Java only fixed one of the two bugs
http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html
[4] SE-2012-01 Vendors status
http://www.security-explorations.com/en/SE-2012-01-status.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|