
The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 244988 Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation

Guest Author
Product: Java Platform, Standard Edition (Java SE)

Multiple security vulnerabilities exist in Java Web Start and Java Plug-in that may allow escalation of privileges. These include:

CR 6727079: A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.

CR 6727081: A vulnerability in the way the Java Runtime Environment launches Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.

CR 6694892: A vulnerability in Java Web Start may allow certain trusted operations to be performed, such as modifying system properties.

CR 6727071: A vulnerability in the Java Runtime Environment may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.

CR 6707535: A vulnerability in Java Web Start and Java Plug-in may allow hidden code on a host to make network connections to that host and to hijack HTTP sessions using cookies stored in the browser.

CR 6716217: A vulnerability in the Java Runtime Environment (JRE) applet class loading may allow an untrusted applet to read arbitrary files on the system that the applet runs on and to make network connections to hosts other than the host it was loaded from.

CR 6767668: A security vulnerability in the Java Web Start BasicService allows untrusted applications that are downloaded from another system to request local files to be displayed by the browser of the user running the untrusted application.

Sun acknowledges, with thanks, the following:

For CRs 6727079, 6727081 and 6727071:

Peter Csepely working with Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com)


For CR 6694892:

Virtual Security Research (VSR) (http://www.vsecurity.com/) for bringing this issue to our attention.

Additional information on this issue can be found in the following advisory from Virtual Security Research:

http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt


For CR 6707535:

Billy Rios of Microsoft and Nate McFeters of Ernst and Young


For CR 6716217:

Peter Csepely working with Zero Day Initiative (http://www.zerodayinitiative.com/) and TippingPoint (http://www.tippingpoint.com)

John Heasman of NGSSoftware


State: Resolved
First released: 03-Dec-2008
