SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Oracle Java SE Vendors:   Oracle, Sun
Oracle Java Flaws Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1028019
SecurityTracker URL:  http://securitytracker.com/id/1028019
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jan 19 2013
Original Entry Date:  Jan 19 2013
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  
Version(s): 7 Update 11; possibly prior versions
Description:   Two vulnerabilities were reported in Oracle Java. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted Java content that, when loaded by the target user, will execute arbitrary code on the target user's system. The code will run with the privileges of the target user.

The vendor was notified on January 18, 2013.

On version Java 7 Update 11, user confirmation is required in order for unsigned or self-signed Java applets to run.

Adam Gowdiak of Security Explorations reported these vulnerabilities.

Impact:   A remote user can create Java content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.java.com/ (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable


Hello All,

This post might be interesting for those concerned about the
state of Oracle's Java SE security.

We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).

MBeanInstantiator bug (or rather a lack of a fix for it [2][3])
turned out to be quite inspirational for us. However, instead
of relying on this particular bug, we have decided to dig our
own issues. As a result, two new security vulnerabilities (51
and 52) were spotted in a recent version of Java SE 7 code and
they were reported to Oracle today [4] (along with a working
Proof of Concept code).

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
References:
[1] Oracle Security Alert for CVE-2013-0422
 
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
[2] Java 7 Update 11 Addresses the Flaw Partly Fixed in October 2012, 
Experts Say
 
http://news.softpedia.com/news/Java-7-Update-11-Addresses-the-Flaw-Partly-Fixed-in-October-2012-Experts-Say-320792.shtml
[3] Confirmed: Java only fixed one of the two bugs
 
http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html
[4] SE-2012-01 Vendors status
     http://www.security-explorations.com/en/SE-2012-01-status.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC