lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <50616F95.3070209@security-explorations.com>
Date: Tue, 25 Sep 2012 10:47:17 +0200
From: Security Explorations <contact@...urity-explorations.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [SE-2012-01] Critical security issue affecting
	Java SE 5/6/7


Hello All,

We've recently discovered yet another security vulnerability
affecting all latest versions of Oracle Java SE software. The
impact of this issue is critical - we were able to successfully
exploit it and achieve a complete Java security sandbox bypass
in the environment of Java SE 5, 6 and 7. So far, we could only
claim such an impact with reference to Java 7 environment (the
Apple QuickTime attack relying on Issues 15 and 22 is the only
exception here). Thus, this post.

The newly discovered bug is special for several reasons. This
is our "anniversary" finding (Issue number 50). We discovered
it exclusively for JavaOne 2012 [1]. Finally, the bug allows
to violate a fundamental security constraint of a Java Virtual
Machine (type safety).

The following Java SE versions were verified to be vulnerable:
- Java SE 5 Update 22 (build 1.5.0_22-b03)
- Java SE 6 Update 35 (build 1.6.0_35-b10)
- Java SE 7 Update 7  (build 1.7.0_07-b10)

All tests were successfully conducted in the environment of a
fully patched Windows 7 32-bit system and with the following
web browser applications:
- Firefox 15.0.1
- Google Chrome 21.0.1180.89
- Internet Explorer 9.0.8112.16421 (update 9.0.10)
- Opera 12.02 (build 1578)
- Safari 5.1.7 (7534.57.2)

To fulfill the Pro Bono mission of our SE-2012-01 project [2],
we have provided Oracle corporation with a technical description
of the issue found along with a source and binary codes of our
Proof of Concept code demonstrating a complete Java security
sandbox bypass in the environment of Java SE 5, 6 and 7.

We hope that a news about one billion users of Oracle Java SE
software [3] being vulnerable to yet another security flaw is not
gonna spoil the taste of Larry Ellison's [4] morning...Java.

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Oracle Begins Final Preparations for JavaOne San Francisco 2012
     and Announces Keynote Lineup
     http://www.oracle.com/us/corporate/press/1843546
[2] SE-2012-01 Security vulnerabilities in Java SE
     http://www.security-explorations.com/en/SE-2012-01.html
[3] Learn About Java Technology
     http://java.com/en/about/
[4] Larry Ellison
     http://www.forbes.com/profile/larry-ellison/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ