Bugtraq mailing list archives

JDK 1.1.1 & HotJava 1.0 vulnerability
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 30 Apr 1997 13:16:48 -0500


April 1997:

We found a serious security flaw in version 1.1.1 of the Java Development
Kit (JDK) and version 1.0 of the HotJava browser, both from Sun.
These systems allow digitally signed applets.  If an applet's
signer is labelled as trusted by the local system, then the applet is not
subject to the normal security restrictions.  The flaw we found allows an
applet to change the system's idea of who signed it.  The applet can get a
list of all the signers known to the local system, determine which if any of
those signers is trusted, and then the applet can relabel itself so it
appears to have been signed by a trusted signer.  The result is that the
applet can completely
evade Java's security mechanisms.

JavaSoft says that the flaw will be fixed in the next release (1.1.2) of the
JDK.  The Netscape and Microsoft browsers are not affected, since they do not
currently support the JDK 1.1 code-signing API.

More details will appear here once the flaw has been fixed.

Aleph One / aleph1 () dfw net
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01
