Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4894
HistoryJul 24, 2003 - 12:00 a.m.

Windows NT 4.0 with IBM JVM Denial of Service

2003-07-2400:00:00
vulners.com
17
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                           @stake, Inc.
                         www.atstake.com

                        Security Advisory

Advisory Name: Windows NT 4.0 with IBM JVM Denial of Service
Release Date: 07/23/2003
Application: Any Java application, other applications
are possible attack vectors.
Platform: Java 2 Runtime Environment, Standard Edition
(build 1.3.0), Windows NT 4.0
Severity: Denial of service
Author: Matthew Miller <[email protected]>
Jeremy Rauch
Vendor Status: Microsoft has patch available
CVE Candidate: CAN-2003-0525
Reference: www.atstake.com/research/advisories/2003/a072303-1.txt

Overview:

A flaw exists in Windows NT 4.0's file name processing. The flaw can
cause heap corruption to occur when a long string is passed to the
file name functions. This results in the program calling the NT 4.0
file name processing functions to crash.

One attack vector identified by @stake is through a Java servlet
running on the IBM JVM. This class of problem highlights the Java
platform's dependance on the correctness of the underlying operating
system for it's overall security. Java application developers
should still bounds check untrusted inputs that are passed to the
underlying operating system API, such as file handling functions.

Detailed Description:

A denial of service condition for IBM's Java 2 Runtime Environment
can be triggered when passing a long string to the
java.io.getCanonicalPath() function. Any application which passes
user supplied data to the getCanonicalPath() function is potentially
vulnerable.

When passing a long string to java.io.getCanonicalPath() an access
violation occurs in the Windows NT 4.0 ntdll.dll. This access
violation causes the IBM JVM to core resulting in a Denial of
Service. This seems to be due to a corruption of the
heap.

Vendor Response:

Microsoft contacted by @stake: 05/14/2003
Microsoft reproduced and verified: 06/10/2003

Microsoft has issued a bulletin and a patch. More information
is available at:

http://www.microsoft.com/technet/security/bulletin/MS03-029.asp

Recommendation:

Java developers should identify all occurances and perform data
validation where java.io.getCanonicalPath is used.

NT 4.0 Administrators running servers which use Java servlets
should consider installing the Microsoft supplied patch.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2003-0525

@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2003 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPx74oUe9kNIfAm4yEQKc6wCghclEcANjGkrPRGENJyoDhKxyBcYAnjbi
UiSnzl1p7SRXf+9j7dbRQ/M4
=10T3
-----END PGP SIGNATURE-----

Related

cve 1
nessus 1
cve
cve
CVE-2003-0525
2003-08-27 04:00:00
nessus
nessus
MS03-029: Flaw in Windows Function may allow DoS (823803)
2003-07-23 00:00:00
JSON
Related for SECURITYVULNS:DOC:4894
cve1nessus1