 Sun Java Runtime Environment (JRE) Bytecode Verifier Analysis Flaw Lets Remote Users Bypass Many Java Security Restrictions
Category: Vulnerability
Posted: 2002-11-27 by ReCall
 Details
Description: A vulnerability was reported in Sun's Java Runtime Environment (JRE). A remote user can gain access to the local file system and networking resources. On some target systems, the remote user can execute arbitrary code.



The Last Stage of Delirium reported that there is a flaw in the Bytecode Verifier. A remote user can reportedly create new instances of objects without calling the proper initialization method (super or this) from within the constructor of the created class.



A remote user can supply code where the invocation of a superclass constructor does not occur, but where the Bytecode Verifier incorrectly interprets the invocation as having occurred. The virtual machine apparently does not track the actual execution of the method, but rather, analyzes the bytecode instruction stream. So, a remote user can create Java code that will result in bytecode instructions that will trick the analysis. According to the report, this flaw can be exploited by the remote user to construct partially initialized Class Loader objects.
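
The rule described above, that a constructor must invoke a superclass or `this` constructor before it returns, only holds if it is checked along every control-flow path. The following is an added example, not code from the report or from Sun: a simplified model of such a check over a made-up instruction set. It does not reproduce the JRE verifier or the reported flaw, and all instruction names in it are assumptions.

```python
from collections import deque

# Toy instruction set, constructed for this example (not real JVM bytecode):
#   ("init",)    call to the superclass/this constructor
#   ("if", t)    conditional branch: fall through, or jump to index t
#   ("goto", t)  unconditional jump to index t
#   ("op",)      any other instruction
#   ("return",)  leave the constructor

def successors(code, pc):
    """Indices that control can reach directly from instruction pc."""
    kind = code[pc][0]
    if kind == "return":
        return []
    if kind == "goto":
        return [code[pc][1]]
    if kind == "if":
        return [pc + 1, code[pc][1]]
    return [pc + 1]

def verify_constructor(code):
    """Accept only if 'init' has run on every path that reaches a return."""
    state = {0: False}   # index -> True if 'init' ran on ALL paths arriving here
    work = deque([0])
    while work:
        pc = work.popleft()
        if not 0 <= pc < len(code):
            return False             # control leaves the method body
        initialized = state[pc]
        kind = code[pc][0]
        if kind == "init":
            initialized = True
        elif kind == "return" and not initialized:
            return False             # some path returns an uninitialized object
        for nxt in successors(code, pc):
            # Merge at join points: initialized only if every incoming path is.
            merged = initialized and state.get(nxt, True)
            if nxt not in state or state[nxt] != merged:
                state[nxt] = merged
                work.append(nxt)
    return True

# Constructed sample constructors.
STRAIGHT_LINE = [("init",), ("op",), ("return",)]
BOTH_BRANCHES = [("if", 3), ("init",), ("goto", 4), ("init",), ("return",)]
ONE_BRANCH_ONLY = [("if", 2), ("init",), ("op",), ("return",)]
```

The first two samples are accepted; the third is rejected because one branch reaches the return without the constructor call, which is the state a partially initialized object would be in.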



For additional information on this flaw, see the original report at:



http://lsd-pl.net/java_security.html



Impact: A remote user can gain read and write access to the target user's file system.





A remote user can bypass Java network access restrictions and gain access to networking functions (e.g., socket, bind, listen, accept, and connect calls) on a target user's system.



On Microsoft Windows-based systems, a remote user can execute arbitrary code on a target user's system.



Solution: No solution was available at the time of this entry. According to the report, Sun is preparing patches.
 