Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21720
HistoryApr 23, 2009 - 12:00 a.m.

[TZO-12-2009] SUN / Oracle JVM Remote code execution

2009-04-2300:00:00
vulners.com
23
JSON
          SUN/ORACLE JAVA VM Remote code execution

Release mode: Coordinated.
Ref : TZO-122009- SUN Java remote code execution
WWW : http://blog.zoller.lu/2009/04/sunoracle-java-vm-remote-code-execution.html
Vendor : http://www.sun.com
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html

Affected Products:

  • JVM Version 6 Update 1
  • JVM Version 6 Update 2

I. Background

Dictionary.com : "The Java Virtual Machine (JVM) is software that converts 
the Java intermediate language (bytecode) into machine language and executes it.
The original JVM came from the JavaSoft division of Sun. Subsequently,
other vendors developed their own; for example, the Microsoft Virtual 
Machine is Microsoft's Java interpreter. A JVM is incorporated into 
a Web browser in order to execute Java applets. A JVM is also installed in a 
Web server to execute server-side Java programs. A JVM can also be installed 
in a client machine to run stand-alone Java applications."

II. Description

Please understand that no details will be given, too many bad guys
would use it for drive-by attacks. At this point in time (old +
fixed) there is really no need to.

III. Impact

Memory corruption due to a write attempt to a user controlable offset.
i.e exploitable. The Java VM is reachable through every major browser.


IV. Disclosure timeline

19/11/2008 : Send proof of concept, description to Microsoft (sic),
as bug was triggered through IE.

20/11/2008 : Microsoft asks for clarification

21/11/2008 : Clarification sent.

12/12/2008 : Microsoft replicated the memory corruption in Version 6
update 1 and recommends getting in contact with SUN

12/12/2008 : Send proof of concept and description to SUN

16/12/2008 : Sun acknwoledges receipt. PGP keys are exchanged.

13/01/2009 : Asked for update from SUN

17/01/2009 : Asked for update and indicate this is the last request
prior to release if no answer is given.

12/03/2009 : SUN asks for more specific details

12/03/2009 : Details given

24/04/2009 : Notify SUN that I am drafting the advisory and would
require feedback and details

24/04/2009 : SUN asks for a copy of the advisory and explains the
engineering team is still working on the case

07/04/2009 : Asks SUN for an update

08/04/2009 : Sun responds that the team is still working on the case

20/04/2009 : Asking for an update and details

20/04/2009 : SUN responds that the engineers could not reproduce in
Update 11 and 12

20/04/2009 : I test the new updates and can no longer reproduce the
issue

22/04/2009 : Release of this advisory

JSON