Tablet
Premium Member
join:2003-01-15
Czech

1 recommendation

Tablet

Premium Member

Sun JAVA insecure file creation + IE

A seemingly trivial vulnerability has been found in the latest Sun JAVA virtual machine.

Details about the vulnerability: »www.illegalaccess.org/cm ··· e/view/9

Note one post on the Full Disclosure mailing list:
quote:
There's a very minor issue with the way the sun java virtual machine creates
temporary files from applets. IE blows it off the chart, combining this with
some unresolved issues in IE can lead to remote code execution
More reading about the combo:

»seclists.org/lists/fulld ··· 434.html
»seclists.org/lists/fulld ··· 439.html

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow

Premium Member

I guarantee this is exactly what I have been trying to nail down for the past week or so. However the browser crashes in IE and Firefox:

»JS.ModalDZoneBypass.exploit nails SP2...
»[Help] FireFox SSL Settings?
Tablet
Premium Member
join:2003-01-15
Czech

Tablet

Premium Member

I mentioned IE because of the combined vulnerability. Of course you are right, every browser with the Sun JAVA virtual machine plugin is vulnerable to this.

If you click "skip" in the JAVA exception dialog, the browser does not crash.
Libra
Premium Member
join:2003-08-06
USA

Libra to Tablet

Premium Member

to Tablet
I just installed SunJava 1.4.2_4. Does it have this vulnerability? I also have it set not to store anything in the cache, will that avoid this problem?
Thanks.
Sincerely, Libra
Tablet
Premium Member
join:2003-01-15
Czech

Tablet

Premium Member

said by Libra:
I just installed SunJava 1.4.2_4. Does it have this vulnerability? I also have it set not to store anything in the cache, will that avoid this problem?
Thanks.
Sincerely, Libra

Yes, unfortunately Sun Java 1.4.2_04 is still vulnerable. And the file gets created in the temp directory no matter if caching is on or off.

jansson_mark
Markus Jansson
Premium Member
join:2001-08-05
Finland

jansson_mark

Premium Member

said by Tablet:
Yes, unfortunately Sun Java 1.4.2_04 is still vulnerable. And the file gets created in the temp directory no matter if caching is on or off.

Any ideas when they will fix this one?

bcool
Premium Member
join:2000-08-25

bcool to Tablet

Premium Member

to Tablet
Confirmed here!
*Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) *Gecko/20040710 Firefox/0.9.0+ (stipe)
*Sun Java (plugin) 1.4.2_4
*WINXP SP1

Guess for the time being, I disable Java.

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow

Premium Member

Also occurring with 1.5.0 (I can't run 1.4.2_4 at all.)

Java 2 SE v.1.5.0
FireFox v.0.9.2
Win XP Pro / IE6 / SP2 RC2 v.2149

I've disabled Java on both browsers.

Rdax
Premium Member
join:2001-05-18
El Dorado, AR

Rdax

Premium Member

I just downloaded version 1.4.2_05 yesterday. How can I check to see if it's vulnerable?

Sparrow
Crystal Sky
Premium Member
join:2002-12-03
Sachakhand

Sparrow

Premium Member

Rdax,

This is listed almost at the end of this page »seclists.org/lists/fulld ··· 434.html
quote:
DEMO

»poc.homedns.org/execute.htm
I get nothing but a blank screen with Java disabled.

It is suggested that Java be disabled until a patch is released:
quote:
Solution
Until a patch becomes available, disable Java by going to: File -> Preferences -> Multimedia, and uncheck the "Enable Java" item. »www.illegalaccess.org/cm ··· e/view/9

bcool
Premium Member
join:2000-08-25

bcool to Rdax

Premium Member

to Rdax
said by Rdax:
I just downloaded version 1.4.2_05 yesterday. How can I check to see if it's vulnerable?

Just out of curiosity, where did you find 1.4.2_05?
Goldengamego
Premium Member
join:2004-02-22
Okemos, MI

1 recommendation

Goldengamego

Premium Member

It's available for download on Sun's website

»java.sun.com/j2se/1.4.2/ ··· oad.html

bcool
Premium Member
join:2000-08-25

bcool

Premium Member

said by Goldengamego:
It's available for download on Sun's website

»java.sun.com/j2se/1.4.2/ ··· oad.html

Thanks! Incidentally, I already have J2SE v 1.4.2_04.
I may need glasses but I don't see a reference to _05 on this page.

Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire

Cudni

MVM

from the link
" J2SE v 1.4.2_05 JRE includes the JVM technology
The J2SE Java Runtime Environment (JRE) allows end-users to run Java applications. More info..."
»javashoplm.sun.com/ECom/ ··· Id=noreg

Cudni
Tablet
Premium Member
join:2003-01-15
Czech

1 edit

1 recommendation

Tablet

Premium Member

This bug has been fixed in the new version of Sun JAVA virtual machine 1.4.2_05. You can test it here: »www.illegalaccess.org/cm ··· e/view/9

JAVA 1.4.2_05 Changelog: »java.sun.com/j2se/1.4.2/ ··· dex.html
Libra
Premium Member
join:2003-08-06
USA

Libra

Premium Member

Is SunJava 1.4.1_5 subject to this vulnerability? I just found out a bug in 1.4.2._2 is causing my computer to hang when I attempt to shut down. If 1.4.1_5 is okay, where can I find it? Thank you.
Sincerely, Libra
Libra

Libra to Tablet

Premium Member

to Tablet
Tablet, thank you for your reply. If you don't have the cache set up, where is the temp directory? i.e., would an AV find it? I remember reading where someone had malware and it was located in the jar of SunJava. I was hoping to by-pass that.
Thank you.
Sincerely, Libra
Tablet
Premium Member
join:2003-01-15
Czech

Tablet

Premium Member

said by Libra:
Tablet, thank you for your reply. If you don't have the cache set up, where is the temp directory? i.e., would an AV find it? I remember reading where someone had malware and it was located in the jar of SunJava. I was hoping to by-pass that.
Thank you.
Sincerely, Libra

The tmp file gets stored in "%userprofile%\Local Settings\Temp". An AV would be able to detect the file if it would be a known virus.

bcool
Premium Member
join:2000-08-25

4 edits

bcool to Cudni

Premium Member

to Cudni
said by Cudni:
from the link
" J2SE v 1.4.2_05 JRE includes the JVM technology..."
Cudni

Thanks to Goldengamego (I do need glasses!) and Cudni. I now have the Java(TM) Plug-in 1.4.2_05 installed with java enabled in Firefox.

This is what I see:
1.) No crash in Tablet's above referenced vulnerability test.
2.) *.tmp files still created from test (+~JF23126.tmp, 500 bytes)
3.) from the jusched.log located in the same \TMP folder:
Sun Jul 11 04:36:13 2004
:: Either not a Win2000, XP platform or Non-admin user or GetModuleFilename failed
or Error Opening JavaUpdate Keys.
What should I make of this?

Incidentally, thank you Tablet for highlighting this important alert.

---
WINXP SP1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040710 Firefox/0.9.0+ (stipe)
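
Added example (not part of any post in this thread): one way to see which files the test page leaves in the temp directory is to snapshot that directory before and after the visit and compare the two. The `+~JF*.tmp` pattern is an assumption generalised from the single file name reported above, the function names are illustrative, and the demo runs on a constructed directory; on a real machine pass the directory named in the thread, `%userprofile%\Local Settings\Temp`. A new file only shows that the JVM still writes temp files during the test, as reported above for 1.4.2_05.

```python
import fnmatch
import hashlib
import os
import tempfile

# Assumption: pattern generalised from the one file name in the thread
# (+~JF23126.tmp); adjust it if your JVM names its temp files differently.
JVM_TEMP_PATTERN = "+~JF*.tmp"


def snapshot(temp_dir):
    """Map each regular file in temp_dir to (size, sha256 hex digest)."""
    state = {}
    for entry in os.scandir(temp_dir):
        if not entry.is_file(follow_symlinks=False):
            continue
        try:
            with open(entry.path, "rb") as fh:
                data = fh.read()
        except OSError:
            # Locked or removed between listing and reading: record it anyway.
            state[entry.name] = (None, None)
            continue
        state[entry.name] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def created_or_changed(before, after, pattern=JVM_TEMP_PATTERN):
    """Names matching pattern that are new or modified since `before`."""
    return sorted(
        name for name, meta in after.items()
        if fnmatch.fnmatchcase(name, pattern) and before.get(name) != meta
    )


def demo():
    """Constructed stand-in for the temp directory, so this runs offline."""
    with tempfile.TemporaryDirectory() as temp_dir:
        with open(os.path.join(temp_dir, "jusched.log"), "w") as fh:
            fh.write("constructed log line\n")
        before = snapshot(temp_dir)
        # Constructed files standing in for what appears after the test page.
        with open(os.path.join(temp_dir, "+~JF23126.tmp"), "wb") as fh:
            fh.write(b"\x00" * 500)
        with open(os.path.join(temp_dir, "unrelated.tmp"), "wb") as fh:
            fh.write(b"x")
        return created_or_changed(before, snapshot(temp_dir))


if __name__ == "__main__":
    print(demo())
```
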
Libra
Premium Member
join:2003-08-06
USA

Libra to Tablet

Premium Member

to Tablet
Tablet said:
"The tmp file gets stored in "%userprofile%\Local Settings\Temp". An AV would be able to detect the file if it would be a known virus."
~~~~~~~~~~
Hi Tablet,
I have Windows 98se and no user profile set. Would the temp file go to Windows/Temp or Windows/Temporary Internet Files? And how do these files get cleared? (I just did a search for local settings in Find, and 35 items came up.)
Thanks again.
Sincerely, Libra

jansson_mark
Markus Jansson
Premium Member
join:2001-08-05
Finland

jansson_mark to Tablet

Premium Member

to Tablet

Please note this other java vulnerability too

»Microsoft Java cross-site security hole