what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Oracle Java SE 7 Update 15 Issues

Oracle Java SE 7 Update 15 Issues
Posted Mar 4, 2013
Authored by Adam Gowdiak | Site security-explorations.com

The saga between Security Explorations and Oracle continues as yet another issue has been reported upstream.

tags | advisory
SHA-256 | 62b15c41647306908f09a62162b45a2e5e879905919342200f2385c369e80460
Download | Favorite | View

Oracle Java SE 7 Update 15 Issues

Change Mirror Download

Hello All,

Last week, Oracle disputed our claim regarding one of the Issues
reported to the company on Feb 25, 2012. This was Issue 54 that
was partly responsible for a successful attack demonstrated in
the environment of Java SE 7 Update 15.

It turns out Oracle's attempt to deny Issue 54 turned out to be
quite fruitful. It made us look into Java SE 7 code and its docs
once again (gathering counterargument material). As a result:
- we confirmed that company's initial judgment of Issue 54 as the
   "allowed behavior" contradicts both Java SE documentation as well
   as existing security checks in code. It looks Oracle needs to
   either start treating Issue 54 as a vulnerability or change the
   docs and relax some of the existing security checks.
- 5 new security issues were discovered in Java SE 7 (numbered 56
   to 60), which when combined together can be successfully used to
   gain a complete Java security sandbox bypass in the environment
   of Java SE 7 Update 15.

Our vulnerability report along with a working Proof of Concept
code was submitted to Oracle today [1].

Two of the issues found (59 and 60) could be potentially affecting
Java SE 6 (we haven't checked this due to Java SE 6 EOL status),
but since all of the issues need to be combined together to gain
a successful Java SE security compromise, we treat it as affecting
Java SE 7 only.

The attack breaks a couple of security checks introduced to Java
SE by Oracle over the recent months (Issues 57 and 58). It also
exploits code fragments that were missing proper security checks
corresponding to the very mirror code (Issue 59 and 60). Finally,
it demonstrates a difference between the JVM specification and
its implementation (Issue 56).

At the end, should we say that the Reflection API is the usual
victim ?

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] SE-2012-01 Vendors status
     http://www.security-explorations.com/en/SE-2012-01-status.html
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close