October 4th, 2007

Sun issues patches for 'highly critical' Java flaws

Posted by Ryan Naraine @ 6:50 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Metasploit, Microsoft, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spam and Phishing, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Application, Network, Network Service, Sun Microsystems Inc., Vulnerability, JRE, Patch Management, Applet, Flaw, Java

Sun Microsystems has shipped patches to fix a batch of “highly critical” vulnerabilities in Sun Java JRE (Java Runtime Environment).

The flaws, which affect Windows, Solaris and Linux users, can be exploited to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system, according to an alert from Secunia.

On the Sun security blog, the company acknowledged 11 different vulnerabilities in Java 2 Platform, Standard Edition.

The skinny on the flaws:

1. A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

2. A bug in Java Web Start may allow an untrusted application to read local files that are accessible to the user running the untrusted application.

3. Two vulnerabilities in Java Web Start may allow an untrusted application to read and write local files that are accessible to the user running the untrusted application.

4. Three vulnerabilities in Java Web Start may allow an untrusted application to determine the location of the Java Web Start cache.

5. A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application or Java applet to move or copy arbitrary files on the system that the application or applet runs on, by requesting the user of the application or applet to drag a file from the application or applet window to a desktop application that has permissions to accept and write files on the system. To exploit this vulnerability, the application or applet has to successfully persuade the user to drag and drop the file.

6. When an untrusted applet or application displays a window, the Java Runtime Environment includes a warning banner inside the window to indicate that the applet or application is untrusted. A defect in the Java Runtime Environment may allow an untrusted applet or application that is downloaded from a malicious website to display a window that exceeds the size of a user’s screen so that the warning banner is not visible to the user.

7. A vulnerability in the Java Runtime Environment (JRE) may allow malicious Javascript code that is downloaded by a browser from a malicious website to make network connections, through Java APIs, to network services on machines other than the one that the Javascript code was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.

8. A security flaw in the JRE may allow an untrusted applet that is downloaded from a malicious website through a web proxy to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network resources (such as web pages) and vulnerabilities (that exist on these network services) which are not otherwise normally accessible to be accessed or exploited.