[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable

Subject: Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
From: "Limanovski, Dimitri" <Dimitri.Limanovski@xxxxxxxxxxxx>
Date: Tue, 22 Jan 2013 09:46:35 -0500

Does anyone know if it has it been definitely determined if JRE6 is vulnerable 
to this? There were some conflicting reports at the time of 0-day news hit the 
net.
Thanks!

On Jan 21, 2013, at 12:46 PM, bytze bytze 
<gbytze@xxxxxxxxx<mailto:gbytze@xxxxxxxxx>> wrote:


U guys are the best....thank u for what u do

On Jan 21, 2013 9:46 AM, "Security Explorations" 
<contact@xxxxxxxxxxxxxxxxxxxxxxxxx<mailto:contact@xxxxxxxxxxxxxxxxxxxxxxxxx>> 
wrote:

Hello All,

This post might be interesting for those concerned about the
state of Oracle's Java SE security.

We have successfully confirmed that a complete Java security
sandbox bypass can be still gained under the recent version
of Java 7 Update 11 [1] (JRE version 1.7.0_11-b21).

MBeanInstantiator bug (or rather a lack of a fix for it [2][3])
turned out to be quite inspirational for us. However, instead
of relying on this particular bug, we have decided to dig our
own issues. As a result, two new security vulnerabilities (51
and 52) were spotted in a recent version of Java SE 7 code and
they were reported to Oracle today [4] (along with a working
Proof of Concept code).

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com<http://www.security-explorations.com/>
"We bring security research to the new level"
---------------------------------------------

References:
References:
[1] Oracle Security Alert for CVE-2013-0422

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
[2] Java 7 Update 11 Addresses the Flaw Partly Fixed in October 2012, Experts 
Say

http://news.softpedia.com/news/Java-7-Update-11-Addresses-the-Flaw-Partly-Fixed-in-October-2012-Experts-Say-320792.shtml
[3] Confirmed: Java only fixed one of the two bugs

http://immunityproducts.blogspot.com.ar/2013/01/confirmed-java-only-fixed-one-of-two.html
[4] SE-2012-01 Vendors status
    http://www.security-explorations.com/en/SE-2012-01-status.html

<ATT00001..c>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
  - From: Security Explorations

References:
- [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
  - From: Security Explorations
- Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
  - From: bytze bytze

Prev by Date: Re: [Full-disclosure] [SECURITY] [DSA 2611-1] movabletype-opensource security update
Next by Date: Re: [Full-disclosure] [0 Day] XSS Persistent in Blogspot of Google
Previous by thread: Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
Next by thread: Re: [Full-disclosure] [SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
Index(es):
- Date
- Thread