Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Sun Java Plugin arbitrary package access vulnerability
From: Alla Bezroutchko <alla () scanit be>
Date: Thu, 25 Nov 2004 11:33:03 +0100

Jouko Pynnonen wrote:

A vulnerability in Java Plugin allows an attacker to create an Applet which can disable Java's security restrictions and break out of the Java sandbox.


The Java Plugin versions 1.4.2_04 and 1.4.2_05 were tested on Windows and Linux. Web browsers tested were Microsoft Internet Explorer, Mozilla Firefox and Opera. It should be noted that Opera uses a different way of connecting JavaScript and Java which caused the test exploit not to work on Opera. However the problem itself (access to private packages) was demonstrated on Opera too, so it may be vulnerable to a variation of the exploit.

As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2, Opera 7.54, J2SE 1.4.2_06).

According to Jouko, Opera does not use Java plugin, but has its own interface to Java. The fact that the problem is still present after JVM upgrade probably means that there is an independent bug in Opera Java interface which has the same effect as the bug in Sun Java Plugin.

AFAIK there is no fix for Opera yet. I have reported this bug to Opera through their web interface (bug-158156).

There is an online test for this bug at Browser Security Test (http://bcheck.scanit.be/bcheck/). Go to http://bcheck.scanit.be/bcheck/choosetests.php if you only want to run the test for this particular bug.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]