lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3F6918F2F2125C4BB95462A2ED1454B1349DAA@pukeko.smb2go.net>
Date: Wed, 11 Jul 2007 14:37:26 +1200
From: "Brett Moore" <brett.moore@...urity-assessment.com>
To: <bugtraq@...urityfocus.com>
Subject: SUN Java JNLP Overflow

========================================================================
= SUN Java JNLP Overflow
=
= Vendor Advisory:  
= http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1
=
= Affected Software:
=      Java Web Start in JDK and JRE 6 Update 1 and earlier
=      Java Web Start in JDK and JRE 5.0 Update 11 and earlier
=
= Public disclosure on Wednesday July 11, 2007
========================================================================

== Overview ==

http://www.google.co.nz/search?hl=en&q=same+bug+different+app&meta=

My guess is that two years down the track, nobody really took any
notice.

EEYE posted out there advisory, a couple of days ago. Check it if you 
want the technical details.

Not surprising that it was also discovered by another person, and most
likely more than one.

1) Start-Regedit
2) Edit->Search->"editflags"
3) Find those that have a flag set of BINARY 00 00 01 00
4) *yawn*
5) Find a valid file of that type
 
http://java.sun.com/j2se/1.4.2/docs/guide/jws/developersguide/syntax.htm
l
6) Try a long string in an obvious place
7) Watch the debugger kick in
8) Finish your cup of coffee

== Solutions ==

SUN has released a patch
    http://sunsolve.sun.com/search/document.do?assetkey=1-26-102996-1

This class of vulnerability is well known, and future cases can be 
mitigated by removing or modifying the editflags value for all
registry entries that have 'Disable Open/Save dialog box' set.
    http://mc-computing.com/WinExplorer/WinExplorerEditFlags.htm

== Credit ==

Discovered and advised to SUN November 15 2006 by Brett Moore of
Security-Assessment.com

== About Security-Assessment.com ==

Security-Assessment.com is Australasia's leading team of Information 
Security consultants specialising in providing high quality Information 
Security services to clients throughout the Asia Pacific region. Our 
clients include some of the largest globally recognised companies in 
areas such as finance, telecommunications, broadcasting, legal and 
government. Our aim is to provide the very best independent advice and 
a high level of technical expertise while creating long and lasting 
professional relationships with our clients.

Security-Assessment.com is committed to security research and 
development, and its team continues to identify and responsibly publish 
vulnerabilities in public and private software vendor's products. 
Members of the Security-Assessment.com R&D team are globally recognised 
through their release of whitepapers and presentations related to new 
security research.

Security-Assessment.com is an Endorsed Commonwealth Government of 
Australia supplier and sits on the Australian Government 
Attorney-General's Department Critical Infrastructure Project panel. 
We are certified by both Visa and MasterCard under their Payment 
Card Industry Data Security Standard Programs.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ