Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [SE-2012-01] Critical security issue affecting Java SE 5/6/7
From: Chris Evans <scarybeasts () gmail com>
Date: Tue, 25 Sep 2012 16:30:37 -0700

On Tue, Sep 25, 2012 at 1:47 AM, Security Explorations
<contact () security-explorations com> wrote:

Hello All,

We've recently discovered yet another security vulnerability
affecting all latest versions of Oracle Java SE software. The
impact of this issue is critical - we were able to successfully
exploit it and achieve a complete Java security sandbox bypass
in the environment of Java SE 5, 6 and 7. So far, we could only
claim such an impact with reference to Java 7 environment (the
Apple QuickTime attack relying on Issues 15 and 22 is the only
exception here). Thus, this post.

I don't see any details?
This list is "full disclosure", not "touch self in public".


Cheers
Chris


The newly discovered bug is special for several reasons. This
is our "anniversary" finding (Issue number 50). We discovered
it exclusively for JavaOne 2012 [1]. Finally, the bug allows
to violate a fundamental security constraint of a Java Virtual
Machine (type safety).

The following Java SE versions were verified to be vulnerable:
- Java SE 5 Update 22 (build 1.5.0_22-b03)
- Java SE 6 Update 35 (build 1.6.0_35-b10)
- Java SE 7 Update 7  (build 1.7.0_07-b10)

All tests were successfully conducted in the environment of a
fully patched Windows 7 32-bit system and with the following
web browser applications:
- Firefox 15.0.1
- Google Chrome 21.0.1180.89
- Internet Explorer 9.0.8112.16421 (update 9.0.10)
- Opera 12.02 (build 1578)
- Safari 5.1.7 (7534.57.2)

To fulfill the Pro Bono mission of our SE-2012-01 project [2],
we have provided Oracle corporation with a technical description
of the issue found along with a source and binary codes of our
Proof of Concept code demonstrating a complete Java security
sandbox bypass in the environment of Java SE 5, 6 and 7.

We hope that a news about one billion users of Oracle Java SE
software [3] being vulnerable to yet another security flaw is not
gonna spoil the taste of Larry Ellison's [4] morning...Java.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Oracle Begins Final Preparations for JavaOne San Francisco 2012
     and Announces Keynote Lineup
     http://www.oracle.com/us/corporate/press/1843546
[2] SE-2012-01 Security vulnerabilities in Java SE
     http://www.security-explorations.com/en/SE-2012-01.html
[3] Learn About Java Technology
     http://java.com/en/about/
[4] Larry Ellison
     http://www.forbes.com/profile/larry-ellison/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault