SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#760344

Sun Java Plug-in fails to restrict access to private Java packages

Overview

There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets.

I. Description

The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and establishes a framework for displaying Java applets within a web browser. There is a vulnerability in the Java Plug-in security framework that could allow a malicious applet to bypass restrictions for accessing private Java packages.

Java's built-in security framework is designed to prevent access to private Java packages that are used internally by the Java Virtual Machine (JVM). When a Java applet attempts to access one of these packages, an AccessControlException will be thrown indicating that the requested access is denied. However, a flaw in the security framework fails to prevent such access to these private Java packages via JavaScript code.

II. Impact

By convincing a victim to download and run a malicious Java applet, an intruder could read, write, and modify files on the system with privileges of the victim.


The reporter notes that some private Java packages contain classes that allow direct access to memory or provide methods that can modify private fields of Java objects. This could allow an intruder to disable the Java security manager.

III. Solution

Upgrade

Sun has issued an advisory which addresses this issue. For more information on upgrades available for your system, please refer to Sun Security Alert 57591.

Systems Affected

VendorStatusDate Updated
Sun Microsystems Inc.Vulnerable23-Nov-2004

References


http://jouko.iki.fi/adv/javaplugin.html
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities&flashstatus=false
http://secunia.com/advisories/13271/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1
http://java.sun.com/products/plugin/index.jsp
http://java.sun.com/j2se/desktopjava/jre/index.jsp
http://java.sun.com/docs/books/tutorial/essential/system/securityIntro.html
http://java.sun.com/j2se/1.5.0/docs/api/java/security/AccessControlException.html
http://java.sun.com/docs/books/tutorial/reflect/

Credit

This vulnerability was reported by Jouko Pynnonen.

This document was written by Damon Morda.

Other Information

Date Public11/22/2004
Date First Published11/23/2004 04:47:33 PM
Date Last Updated11/23/2004
CERT Advisory 
CVE-ID(s)CAN-2004-1029
NVD-ID(s)CAN-2004-1029
US-CERT Technical Alerts 
Metric17.55
Document Revision19

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader