Java Plug-in technology, included as part of the Java 2 Runtime Environment, Standard Edition (JRE), establishes a connection between popular browsers and the Java platform. This connection enables applets on Web sites to be run within a browser on the desktop. More information about Java Plug-in technology is available from: http://java.sun.com/products/plugin/.
Remote exploitation of a design vulnerability in Sun Microsystems Inc.'s Java Plug-in technology allows attackers to bypass the Java sandbox and all security restrictions imposed within Java Applets.
Credit:
The information has been provided by iDEFENSE.
The original article can be found at: www.idefense.com/application/poi/display?id=158&type=vulnerabilities
Vulnerable Systems:
* Java 2 Platform, Standard Edition (J2SE) 1.4.2_01 and 1.4.2_04 from Sun Microsystems. It is suspected that earlier versions are vulnerable as well. Various browsers such as Internet Explorer, Mozilla and Firefox on both Windows and Unix platforms can be exploited if they are running a vulnerable Java Virtual Machine.
CVE Information:
CAN-2004-1029
A number of private Java packages exist within the Java Virtual Machine (VM) and are used internally by the VM. Security restrictions prevent Applets from accessing these packages. Any attempt to access these packages results in an 'AccessControlException' being thrown, unless the Applet is signed and the user has chosen to trust the issuer.
The problem specifically exists within the access controls of the Java to JavaScript data exchange in web browsers using Sun's Java Plug-in technology. The vulnerability allows JavaScript code to load an unsafe class, which should not normally be possible from a Java Applet.
Successful exploitation allows remote attackers to execute hostile Applets that can access, download, upload or execute arbitrary files as well as access the network. A target user must be running a browser on top of a vulnerable Java Virtual Machine to be affected. It is possible for an attacker to create a cross-platform, cross-browser exploit for this vulnerability. Once the browser is compromised, the attacker can execute arbitrary code under the privileges of the user who instantiated the vulnerable browser.
Workaround:
Disabling Java or JavaScript will prevent exploitation as the vulnerability relies on the data transfer between the two components.
Other Java Virtual Machines, such as the Microsoft VM, are available and can be used as an alternative.
Vendor Status:
This issue has been fixed in J2SE v 1.4.2_06 available at: http://java.sun.com/j2se/1.4.2/download.html
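An added example (not part of the iDEFENSE advisory): a Python check that classifies a JRE version string or `java -version` banner against the releases named above. The host names and banners are constructed samples, and treating every unlisted build below 1.4.2_06 as presumed vulnerable is an assumption based on the advisory's "suspected" wording.

```python
import re

FIXED = (1, 4, 2, 6)                      # J2SE 1.4.2_06, the fixed release per the advisory
CONFIRMED = {(1, 4, 2, 1), (1, 4, 2, 4)}  # releases the advisory lists as vulnerable

# Legacy version strings: 1.4.2, 1.4.2_04, 1.4.2_06-b03 (build suffix ignored)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, update) from a version string or banner, else None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def classify(text):
    """Map a version string to: confirmed, presumed, fixed, not-covered or unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    if v in CONFIRMED:
        return "confirmed"
    if v[:3] == FIXED[:3]:
        # Same 1.4.2 family: the update number decides.
        return "fixed" if v >= FIXED else "presumed"
    if v < FIXED:
        # Assumption: older families are treated as vulnerable ("suspected" in the advisory).
        return "presumed"
    # Later families (1.5 and up) are outside what this advisory states.
    return "not-covered"


def needs_upgrade(inventory):
    """Return sorted host names whose JRE is confirmed or presumed vulnerable."""
    return sorted(h for h, banner in inventory.items()
                  if classify(banner) in ("confirmed", "presumed"))


# Constructed sample inventory: host name -> first line of `java -version` output
SAMPLE = {
    "desk-01": 'java version "1.4.2_04"',
    "desk-02": 'java version "1.4.2_06"',
    "desk-03": 'java version "1.4.1_07"',
    "desk-04": 'java version "1.5.0"',
}

if __name__ == "__main__":
    for host in needs_upgrade(SAMPLE):
        print(host, classify(SAMPLE[host]))
```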
Disclosure Timeline:
06/29/2004 Initial vendor notification
06/30/2004 Initial vendor response
08/16/2004 iDEFENSE clients notified
11/22/2004 Public disclosure