lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Nov 2004 11:33:03 +0100
From: Alla Bezroutchko <alla@...nit.be>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Sun Java Plugin arbitrary package access vulnerability


Jouko Pynnonen wrote:

> A vulnerability in Java Plugin allows an attacker to create an Applet 
> which can disable Java's security restrictions and break out of the 
> Java sandbox.

<skip>

> The Java Plugin versions 1.4.2_04 and 1.4.2_05 were tested on Windows 
> and Linux. Web browsers tested were Microsoft Internet Explorer, 
> Mozilla Firefox and Opera. It should be noted that Opera uses a 
> different way of connecting JavaScript and Java which caused the test 
> exploit not to work on Opera. However the problem itself (access to 
> private packages) was demonstrated on Opera too, so it may be 
> vulnerable to a variation of the exploit.

As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even 
after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2, 
Opera 7.54, J2SE 1.4.2_06).

According to Jouko, Opera does not use Java plugin, but has its own 
interface to Java. The fact that the problem is still present after JVM 
upgrade probably means that there is an independent  bug in Opera Java 
interface which has the same effect as the bug in Sun Java Plugin.

AFAIK there is no fix for Opera yet. I have reported this bug to Opera 
through their web interface (bug-158156).

There is an online test for this bug at Browser Security Test 
(http://bcheck.scanit.be/bcheck/). Go to 
http://bcheck.scanit.be/bcheck/choosetests.php if you only want to run 
the test for this particular bug.

Alla.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists