Highly critical

Sun Java Deployment Toolkit Argument Injection Vulnerability


Release Date: 2010-04-12    Last Update: 2010-07-05

Secunia Advisory SA39260

Description


A vulnerability has been discovered in Sun Java, which can be exploited by malicious people to compromise a user's system.



Subject: Sun Java Deployment Toolkit Argument Injection Vulnerability

Anthony Wells RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Expert Contributor 13th Apr, 2010 12:19
Last edited on 13th Apr, 2010 16:51
Can Secunia advise if disabling the plug-in in Firefox acts as a solution/workaround?

Thank you.

EDIT: I have just come across this Secunia blog entry which seems to expand a little (last paragraph) on the SA solution/workaround:

http://secunia.com/blog/95

Perhaps that is all that is known for now.

--


It always seems impossible until it's done.
Nelson Mandela
pc.tech1 RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 13th Apr, 2010 17:57
Last edited on 13th Apr, 2010 17:57
FYI...

- http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg40571.html
Tavis Ormandy - Fri, 09 Apr 2010 (See "Mitigation") "... Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle..."


--
This machine has no brain.
Use your own.
Anthony Wells RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Expert Contributor 15th Apr, 2010 11:11

The link in pc.tech1's post is not working for me.

Here is another version of Tavis Ormandy's disclosure, where you will see it says that disabling the plug-in is not a solution:

http://seclists.org/fulldisclosure/2010/Apr/119

The actual degree of risk is not clear; but then again perhaps you do not actually need Java for your particular computer needs.

Take care
Anthony

HedgeHog RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 15th Apr, 2010 14:04
Last edited on 15th Apr, 2010 14:04
What about Version 6 Update 20? Does it fix the problem?
Anthony Wells RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Expert Contributor 15th Apr, 2010 14:40
Last edited on 15th Apr, 2010 14:42
The Secunia Advisory 39260 now shows Vendor Patch as the solution in the top part, but does not specify 6U20 lower down, as yet.

6U20 certainly addresses the JNLP files mentioned in the disclosure.

Alan_Baxter RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 15th Apr, 2010 18:18
Where do you see that Anthony? http://secunia.com/advisories/39260/ still says:
Solution
Do not browse untrusted websites or follow untrusted links. Set the kill-bit for affected ActiveX controls.

I can't see where it mentions 6U20 at all.
SidcupSilverSurfer Java update downloaded via Secunia today 15 April
Member 15th Apr, 2010 18:34
Have downloaded the update for Java suggested by Secunia today but still get TWO notifications that Java needs attention.

Have installed the download twice but Secunia is still throwing Java up (twice).

There always seem to be problems when Java needs attention - wish I could do without it entirely but unfortunately I cannot.

Is there a fix, please?

Anthony Wells RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Expert Contributor 15th Apr, 2010 19:30
Last edited on 15th Apr, 2010 19:34
Hello Alan_Baxter,

Well my eyes might be old but when I posted earlier, "Solution Status" in the upper part of the SA definitely said "vendor patch" (or words to that effect). Now it says "unpatched". The lower part "Solution" was as you see/saw it and there was never any mention of U 20 (as I said).

I have downloaded the 6 U 20 and the Java Deployment Toolkit shows both U 19 and U 20 version plug-ins for Firefox and Chrome (Dev channel version) and points to their respective .dll files. So the old version was seemingly not uninstalled.

The relevant files are in the C:\Program Files\..\bin\new plug_in\.. folder. I have emailed Java support to ask them to clarify.

PSI only records the two installations it displays for my XP SP3 OS as U 20 in the "patched" tab and shows me good to surf in IE or Firefox (Chrome Dev version is not tracked) in the "secure browsing" tab.

That's as much as I can "see" :)

Anthony




pc.tech1 RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 16th Apr, 2010 03:54
Last edited on 16th Apr, 2010 03:54
FYI...

Java JRE 6 Update 20 released
- http://java.sun.com/javase/downloads/index.jsp
April 15, 2010

Changes in 1.6.0_20
- http://java.sun.com/javase/6/webnotes/6u20.html
"This release contains fixes for security vulnerabilities..."
3 Bug Fixes...

Alan_Baxter RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 16th Apr, 2010 05:39
Thank you, Anthony. I uninstalled U19 before installing U20 on Windows XP SP3, so there is no trace of U19 in my Firefox plugins, just the two from U20. A PSI scan finds only the two usual exes:
Program Files\Java\jre6\bin\java.exe
WINDOWS\system32\java.exe
both for version U20 and "patched" (of course, since it's the most recent version).

Both of those files are also listed as "Insecure, no solution SA39260" in the Secure Browsing pane, under IE8, Firefox, and SeaMonkey.
Anthony Wells RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Expert Contributor 16th Apr, 2010 12:19
Last edited on 16th Apr, 2010 12:23
Hello Alan_Baxter,

As the SA now shows 6 U 20 as the solution and not holding my breath waiting for Java support, I have manually deleted the left behind (?) "npdeploytk.dll version 6.0.190.4" file - in the ..\bin\new_plugin\.. folder - to err on the side of safety.

All clear again!!! in "secure browsing".

Take care
Anthony

Alan_Baxter RE: Sun Java Deployment Toolkit Argument Injection Vulnerability
Member 16th Apr, 2010 16:51
> As the SA now shows 6 U 20 as the solution ...

I see it too. :)
I agree that deleting any left-over U19 files is prudent.
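The clean-up the thread settles on (a stale 6u19 npdeploytk.dll surviving an in-place update to 6u20 in the new_plugin folder, with PSI still flagging SA39260 until it is removed) is easy to check for mechanically. The script below is an added example, not code from the Secunia page, from Sun or from PSI: it looks for Deployment Toolkit plug-in DLLs, reads each one's embedded PE file version straight from the VS_FIXEDFILEINFO block, and flags anything older than the first fixed build. The DLL name, the search directories, the sample images it runs on by default, and the "6u20 equals file version 6.0.200.0" baseline (derived from the 6.0.190.4 build reported above for 6u19) are all assumptions, not facts from the advisory.

```python
"""Added example (not from the Secunia page, Sun, or PSI): find Java
Deployment Toolkit plug-in DLLs left behind by an in-place JRE update and
flag any whose embedded file version predates the fixed build.

Assumptions, labelled as such:
  * JRE 6 Update NN stamps its DLLs with file version 6.0.NN0.x, so the
    6u20 fix is taken as 6.0.200.0 (FIXED_VERSION below).
  * The plug-in DLL name and search directories are typical locations,
    not values taken from the advisory.
"""
import os
import struct

# Little-endian encoding of VS_FIXEDFILEINFO.dwSignature (0xFEEF04BD). The
# structure lives inside the PE version resource of every versioned DLL;
# scanning for the signature avoids walking the full resource directory.
FIXED_FILE_INFO_SIG = b"\xbd\x04\xef\xfe"

FIXED_VERSION = (6, 0, 200, 0)          # assumption: first safe build (6u20)
PLUGIN_DLL_NAMES = {"npdeploytk.dll"}   # assumption: NPAPI Deployment Toolkit plug-in
DEFAULT_ROOTS = [                        # assumption: typical XP-era locations
    r"C:\Program Files\Java",
    r"C:\Program Files\Mozilla Firefox\plugins",
]


def parse_version(text):
    """'6.0.190.4' -> (6, 0, 190, 4); missing trailing fields are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))[:4]


def version_string(version):
    return ".".join(str(p) for p in version)


def file_version_from_bytes(data):
    """Return (major, minor, build, private) from the first VS_FIXEDFILEINFO
    block in a PE image, or None when no version resource is present.
    dwFileVersionMS packs major<<16|minor, dwFileVersionLS packs build<<16|private."""
    i = data.find(FIXED_FILE_INFO_SIG)
    if i < 0 or i + 16 > len(data):
        return None
    _sig, _struct_version, ms, ls = struct.unpack_from("<IIII", data, i)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def make_fixed_file_info(version):
    """Build a minimal VS_FIXEDFILEINFO prefix for a constructed sample image."""
    major, minor, build, private = version
    return FIXED_FILE_INFO_SIG + struct.pack(
        "<III", 0x00010000, (major << 16) | minor, (build << 16) | private)


def classify(version, fixed=FIXED_VERSION):
    """'vulnerable' when older than the fixed build, 'patched' otherwise,
    'unknown' when the version could not be read. Accepts a tuple or a string."""
    if version is None:
        return "unknown"
    if isinstance(version, str):
        version = parse_version(version)
    return "vulnerable" if version < fixed else "patched"


def _basename(path):
    # Split on either separator so Windows paths are handled on any host.
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def report(entries, fixed=FIXED_VERSION):
    """entries: iterable of (path, raw_bytes). Returns a list of
    (path, version_string_or_None, status) for every plug-in DLL seen."""
    results = []
    for path, data in entries:
        if _basename(path) not in PLUGIN_DLL_NAMES:
            continue
        version = file_version_from_bytes(data)
        label = version_string(version) if version is not None else None
        results.append((path, label, classify(version, fixed)))
    return results


def walk_dlls(roots):
    """Yield (path, bytes) for every candidate plug-in DLL under the given roots."""
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if name.lower() in PLUGIN_DLL_NAMES:
                    path = os.path.join(dirpath, name)
                    with open(path, "rb") as fh:
                        yield path, fh.read()


if __name__ == "__main__":
    # Constructed sample images modelled on the thread: a stale 6u19 copy in
    # new_plugin beside a 6u20 one. Use walk_dlls(DEFAULT_ROOTS) on a real box.
    sample = [
        (r"C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll",
         b"MZ..." + make_fixed_file_info((6, 0, 190, 4))),
        (r"C:\Program Files\Java\jre6\bin\npdeploytk.dll",
         b"MZ..." + make_fixed_file_info((6, 0, 200, 2))),
    ]
    for path, ver, status in report(sample):
        print(f"{status:10s} {ver or '?':12s} {path}")
```

This only covers the NPAPI plug-in file that the posters deleted by hand; the advisory's own workaround text refers to ActiveX controls, which a file scan of this kind does not touch, and the disclosure linked above says that disabling the plug-in alone is not a fix.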

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144