[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41A5B4DF.8010707@scanit.be>
Date: Thu, 25 Nov 2004 11:33:03 +0100
From: Alla Bezroutchko <alla@...nit.be>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: Sun Java Plugin arbitrary package access vulnerability
Jouko Pynnonen wrote:
> A vulnerability in Java Plugin allows an attacker to create an Applet
> which can disable Java's security restrictions and break out of the
> Java sandbox.
<skip>
> The Java Plugin versions 1.4.2_04 and 1.4.2_05 were tested on Windows
> and Linux. Web browsers tested were Microsoft Internet Explorer,
> Mozilla Firefox and Opera. It should be noted that Opera uses a
> different way of connecting JavaScript and Java which caused the test
> exploit not to work on Opera. However the problem itself (access to
> private packages) was demonstrated on Opera too, so it may be
> vulnerable to a variation of the exploit.
As noted by rodmoses(at)yahoo(dot)com Opera remains vulnerable even
after the upgrade of JVM to version 1.4.2_06. (tested on Windows XP SP2,
Opera 7.54, J2SE 1.4.2_06).
According to Jouko, Opera does not use Java plugin, but has its own
interface to Java. The fact that the problem is still present after JVM
upgrade probably means that there is an independent bug in Opera Java
interface which has the same effect as the bug in Sun Java Plugin.
AFAIK there is no fix for Opera yet. I have reported this bug to Opera
through their web interface (bug-158156).
There is an online test for this bug at Browser Security Test
(http://bcheck.scanit.be/bcheck/). Go to
http://bcheck.scanit.be/bcheck/choosetests.php if you only want to run
the test for this particular bug.
Alla.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists