Vulnerability Note VU#760344

Sun Java Plug-in fails to restrict access to private Java packages

Original Release date: 23 Nov 2004 | Last revised: 23 Nov 2004

Overview

There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets.

Description

The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and establishes a framework for displaying Java applets within a web browser. There is a vulnerability in the Java Plug-in security framework that could allow a malicious applet to bypass restrictions for accessing private Java packages.

Java's built-in security framework is designed to prevent access to private Java packages that are used internally by the Java Virtual Machine (JVM). When a Java applet attempts to access one of these packages, an AccessControlException is thrown, indicating that the requested access is denied. However, because of a flaw, the security framework fails to prevent access to these private Java packages when the access is made via JavaScript code.
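The package restriction described above is driven by the JRE's "package.access" security property, which the security manager consults before granting access to a class. The following is an added example, not code from this note or from Sun, that reads that property and applies the same prefix-matching rule to a few class names. The class name PackageAccessCheck, its helper methods and the sample class names are assumptions made for illustration; the property's value differs between JRE releases.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class PackageAccessCheck {

    // Split the comma-separated "package.access" property into prefixes.
    static List<String> restrictedPrefixes(String property) {
        List<String> out = new ArrayList<>();
        if (property == null) return out;   // property unset: nothing restricted
        for (String p : property.split(",")) {
            p = p.trim();
            if (!p.isEmpty()) out.add(p);
        }
        return out;
    }

    // Matching rule used by SecurityManager.checkPackageAccess before it
    // demands RuntimePermission("accessClassInPackage.<pkg>") from the caller.
    static boolean isRestricted(String pkg, List<String> prefixes) {
        for (String r : prefixes) {
            if (pkg.startsWith(r) || r.equals(pkg + ".")) return true;
        }
        return false;
    }

    static String packageOf(String className) {
        int i = className.lastIndexOf('.');
        return i < 0 ? "" : className.substring(0, i);
    }

    public static void main(String[] args) {
        List<String> prefixes =
            restrictedPrefixes(Security.getProperty("package.access"));
        System.out.println("package.access = " + prefixes);
        // Constructed sample class names, used only as strings here.
        String[] samples = { "java.lang.String", "sun.misc.Signal", "javax.swing.JButton" };
        for (String cls : samples) {
            String pkg = packageOf(cls);
            System.out.printf("%-22s %s%n", cls, isRestricted(pkg, prefixes)
                ? "requires accessClassInPackage." + pkg
                : "unrestricted");
        }
    }
}
```

Untrusted applet code does not hold the accessClassInPackage permission, so a request for a class in a listed package ends in the AccessControlException mentioned above.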

Impact

By convincing a victim to download and run a malicious Java applet, an intruder could read, write, and modify files on the system with the privileges of the victim.

The reporter notes that some private Java packages contain classes that allow direct access to memory or provide methods that can modify private fields of Java objects. This could allow an intruder to disable the Java security manager.

Solution

Upgrade
Sun has issued an advisory which addresses this issue. For more information on upgrades available for your system, please refer to Sun Security Alert 57591.

Systems Affected

Vendor                 Status    Date Notified  Date Updated
Sun Microsystems Inc.  Affected  -              23 Nov 2004

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was reported by Jouko Pynnonen.

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-1029
  • Date Public: 22 Nov 2004
  • Date First Published: 23 Nov 2004
  • Date Last Updated: 23 Nov 2004
  • Severity Metric: 17.55
  • Document Revision: 19
