
IBM Java Issue 67 Bad Patch

Posted Apr 5, 2016
Authored by Adam Gowdiak | Site security-explorations.com

The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.

tags | advisory, java
SHA-256 | 05acd35224d6d36ec0c881a14c2437781d3cf225c1d917f2a38924f23726bf48


Hello All,

Those concerned about security of IBM Java [1] may find this post
interesting.

We discovered that a fix for a security vulnerability (Issue 67)
[2] we reported to the company in May 2013 didn't address the
problem properly.

This is the 6th instance of a broken patch we encountered from
IBM. Previously, the company failed to address 4 other issues
(with one of them improperly patched two times in a row).

Similarly to previous cases, the fix for Issue 67 addressed the
scenario illustrated by a Proof of Concept code. The actual root
cause of the issue hasn't been addressed at all. There were no
security checks introduced anywhere in the code. The patch relied
solely on the idea that hiding the vulnerable method deep in the
code and behind a Proxy class would be sufficient to address the
issue.

Breaking the IBM patch for Issue 67 requires only several minor changes
to our original Proof of Concept code published in Jul 2013.

Full technical details of the IBM fix bypass can be found in our technical
report:

http://www.security-explorations.com/materials/SE-2012-01-IBM-4.pdf

Along with the report, we have also published a Proof of Concept code
to illustrate the broken fix:

http://www.security-explorations.com/materials/se-2012-01-67.2.zip

The POC was successfully tested in a 32-bit Linux OS environment and
with the following versions of IBM Java:
- IBM SDK, Java Technology Edition, Version 7.1 for Linux (32-bit x86)
released on 2016-01-26 (build pxi3270_27sr3fp30-20160112_01(SR3 FP30))
- IBM SDK, Java Technology Edition, Version 8.0 for Linux (32-bit x86)
released on 2016-01-26 (build pxi3280sr2fp10-20160108_01(SR2 FP10))

We verified that a complete Java security sandbox escape could be
achieved with it.

Thank you.

--
Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] IBM developer kits
http://www.ibm.com/developerworks/java/jdk/
[2] SE-2012-01-IBM-2, Issues 62-68
http://www.security-explorations.com/materials/SE-2012-01-IBM-2.pdf