Title: Sun Java Virtual Machine Slash Path Security Model Circumvention Vulnerability

Severity: CRITICAL

Description:

The Java Virtual Machine (JVM) is a component of the Sun Java infrastructure that performs the handling of Java applets and other programs. It is available for Unix, Linux, and Microsoft platforms.

A vulnerability has been identified in the Sun Java Virtual Machine packaged with JRE and SDK. This issue results in the circumvention of the Java Security Model, and can permit an attacker to execute arbitrary code on vulnerable hosts.

The problem is in the handling of security checks on classes. Due to an error in the loadClass method of the sun.applet.AppletClassLoader implementation, the JVM does not sufficiently handle one of the syntaxes used to invoke classes. When classes are invoked by an applet using dot notation, such as sun.java.class, the checkPackageAccess method of securitymanager performs reliably, throwing an exception when an applet attempts to load an unauthorized class.

However, when an applet attempts to load a class using the supported slash notation, such as sun/java/class, the checkPackageAccess method of securitymanager does not properly check the name of the requested class. The applet thus could circumvent the security model, calling classes outside of the sandbox imposed by the Java security model, and gain access to prohibited classes. A malicious applet could use this vulnerability to execute arbitrary code of any type, resulting in unauthorized access to the vulnerable system with the privileges of the user that has loaded the malicious Java applet.

Affected Products:

HP HP-UX (VVOS) 11.0.0 4
HP HP-UX 11.0.0
HP HP-UX 11.0.0 4
HP HP-UX 11.11.0
HP HP-UX 11.22.0
HP HP-UX 11.23.0
HP HP-UX B.11.00
HP HP-UX B.11.04
HP HP-UX B.11.11
HP HP-UX B.11.22
HP HP-UX B.11.23
Macromedia ColdFusion Server MX Developer
Macromedia ColdFusion Server MX Enterprise
Macromedia ColdFusion Server MX Professional
Opera Software Opera Web Browser 7.11.0
Opera Software Opera Web Browser 7.11.0 j
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.2.2 _003
Sun JRE (Linux Production Release) 1.2.2 _004
Sun JRE (Linux Production Release) 1.2.2 _005
Sun JRE (Linux Production Release) 1.2.2 _006
Sun JRE (Linux Production Release) 1.2.2 _007
Sun JRE (Linux Production Release) 1.2.2 _010
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JRE (Linux Production Release) 1.2.2 _013
Sun JRE (Linux Production Release) 1.2.2 _014
Sun JRE (Linux Production Release) 1.2.2 _015
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _03
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Linux Production Release) 1.4.1 _01
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Reference Release) 1.2.2 _010
Sun JRE (Reference Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2 _012
Sun JRE (Solaris Production Release) 1.2.2 _013
Sun JRE (Solaris Production Release) 1.2.2 _014
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _03
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4.1 _01
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.2.2 _010
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.2.2 _013
Sun JRE (Windows Production Release) 1.2.2 _014
Sun JRE (Windows Production Release) 1.2.2 _015
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _03
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.1 _01
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.2.2 _010
Sun SDK (Linux Production Release) 1.2.2 _011
Sun SDK (Linux Production Release) 1.2.2 _014
Sun SDK (Linux Production Release) 1.2.2 _015
Sun SDK (Linux Production Release) 1.2.2 _12
Sun SDK (Linux Production Release) 1.2.2 _13
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.2.2
Sun SDK (Solaris Production Release) 1.2.2 _07a
Sun SDK (Solaris Production Release) 1.2.2 _10
Sun SDK (Solaris Production Release) 1.2.2 _11
Sun SDK (Solaris Production Release) 1.2.2 _12
Sun SDK (Solaris Production Release) 1.2.2 _13
Sun SDK (Solaris Production Release) 1.2.2 _14
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Reference Release) 1.2.2 _010
Sun SDK (Solaris Reference Release) 1.2.2 _011
Sun SDK (Solaris Reference Release) 1.2.2 _012
Sun SDK (Solaris Reference Release) 1.2.2 _013
Sun SDK (Solaris Reference Release) 1.2.2 _014
Sun SDK (Solaris Reference Release) 1.2.2 _015
Sun SDK (Windows Production Release) 1.2.2 _010
Sun SDK (Windows Production Release) 1.2.2 _011
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _013
Sun SDK (Windows Production Release) 1.2.2 _014
Sun SDK (Windows Production Release) 1.2.2 _015
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.4.1
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _03

References:

Sun: Sun Alert ID: 57221

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.

J-Security Center

Title: Sun Java Virtual Machine Slash Path Security Model Circumvention Vulnerability

Severity: CRITICAL

Description:

Affected Products:

References: