Title: Kaffe OpenVM NoClassDefFoundError Format String Vulnerability
Severity: MODERATE
Description:
Kaffe OpenVM is a free, open source implementation of a Java Virtual Machine (JVM). Originally developed for Unix-based systems, it is available for Windows as well as Linux and BSD-based systems.
A vulnerability has been reported in some versions of the Kaffe JVM. When a java.lang.NoClassDefFoundError is thrown, the name of the class in question is interpreted as a format string. If a malicious party is able to supply this data, they may include format specifiers such as %p and %n. This could allow the attacker to view stack memory and to overwrite arbitrary memory locations.
If this vulnerability is exploitable, it may be possible to execute arbitrary code with the privileges of the Kaffe process. Although this will generally not result in elevated privileges, it may allow untrusted code to entirely break any restrictions imposed by the Java security model. It has not yet been confirmed that this vulnerability is exploitable.
Earlier versions of Kaffe may share this vulnerability. This has not, however, been confirmed.
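The bug class described above, as an added C example that is not Kaffe source code: the function names and the varargs message helper are assumptions made for illustration. The constructed class name contains only `%%`, which consumes no arguments, so the difference between the two call patterns is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical varargs helper of the kind a VM uses to build an
 * exception's detail message. Not taken from Kaffe. */
static int build_message(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* BEFORE: the class name is passed in the format position, so every
 * '%' sequence inside it is interpreted by the printf family. */
static int no_class_def_unsafe(char *out, size_t n, const char *class_name)
{
    return build_message(out, n, class_name);
}

/* AFTER: constant format string; the class name is data only. */
static int no_class_def_safe(char *out, size_t n, const char *class_name)
{
    return build_message(out, n, "%s", class_name);
}

typedef int (*formatter_fn)(char *, size_t, const char *);

/* Regression check: returns 1 only if the formatter reproduces the
 * name byte for byte, i.e. nothing in it was treated as a directive. */
static int renders_literally(formatter_fn f, const char *name)
{
    char buf[256];
    int len = f(buf, sizeof buf, name);
    return len >= 0 && (size_t)len < sizeof buf && strcmp(buf, name) == 0;
}

int main(void)
{
    /* Constructed sample: two literal '%' characters in the name. */
    const char *name = "pkg.Load100%%Class";
    printf("unsafe literal? %d\n", renders_literally(no_class_def_unsafe, name));
    printf("safe   literal? %d\n", renders_literally(no_class_def_safe, name));
    return 0;
}
```

Compiling real call sites with `-Wformat -Wformat-security` (GCC and Clang) flags direct printf-family calls whose format argument is not a string literal; wrappers like the one above need a `format` attribute on the helper for the compiler to check their callers.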
Affected Products:
- Kaffe Kaffe OpenVM 1.0.6
References:
- KF <dotslash@snosoft.com>: Latest Kaffe Java Virtual Machine Format Strings issue.
- Kaffe: Kaffe Homepage