Secunia Research: Sun Java Plug-In Predictable File Location Weakness
======================================================================
Secunia Research 09/02/2005
- Sun Java Plug-In Predictable File Location Weakness -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
About Secunia........................................................7
Verification.........................................................8
======================================================================
1) Affected Software
Sun Java JRE / JDK 1.5.0
Other versions may also be affected.
======================================================================
2) Severity
Rating: Not critical
Impact: Unknown
Where: From remote
======================================================================
3) Description of Vulnerability
Secunia Research has discovered a weakness in the Sun Java Plug-In,
allowing malicious websites to write arbitrary content to a file with
a predictable name.
The problem is that the plug-in creates temporary files for class files
using a file name that becomes predictable when the file is referenced
through its old 8.3 (8dot3) short name, the form kept for FAT16/DOS
compatibility.
The temporary file creation in itself is not a vulnerability and
should not pose any risk to the system. However, combined with
certain Microsoft Internet Explorer functionality and
vulnerabilities, it can be exploited to compromise a vulnerable
system.
The weakness has been confirmed in version 1.5.0_01. Other versions
may also be affected.
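As an added illustration, not part of the Secunia advisory and not the plug-in's own code, the following Python models the Windows 8.3 short-name rule in simplified form to show why a long temporary file name with random characters still collapses to a predictable alias. The `jar_cache*.tmp` names are constructed samples, not the plug-in's actual naming scheme.

```python
import re

def _clean(part: str) -> str:
    """Upper-case and keep only characters a plain 8.3 name can hold (simplified)."""
    return re.sub(r"[^A-Z0-9_]", "", part.upper())

def short_name_83(long_name: str, existing: set[str]) -> str:
    """Simplified model of Windows 8.3 short-name generation (assumption:
    only the sequential ~1, ~2, ... form is modelled; real NTFS switches to a
    hash-based form after a few collisions, which does not change the point)."""
    name, dot, ext = long_name.rpartition(".")
    if not dot:                      # no extension at all
        name, ext = long_name, ""
    base, ext3 = _clean(name), _clean(ext)[:3]
    # A name that already fits 8.3 keeps itself as its short name.
    if len(base) <= 8 and base == name.upper() and ext3 == ext.upper():
        return base + (f".{ext3}" if ext3 else "")
    stem = base[:6]                  # only the first six characters survive
    n = 1
    while True:
        candidate = f"{stem}~{n}" + (f".{ext3}" if ext3 else "")
        if candidate not in existing:
            return candidate
        n += 1

def predictable_short_names(long_names: list[str]) -> dict[str, str]:
    """Map each long name to the short alias it would receive in one directory."""
    existing: set[str] = set()
    result = {}
    for ln in long_names:
        sn = short_name_83(ln, existing)
        existing.add(sn)
        result[ln] = sn
    return result

# Constructed sample: random-looking temp names of the kind a cache might create.
SAMPLE = ["jar_cache48213.tmp", "jar_cache90017.tmp", "jar_cache35590.tmp"]

if __name__ == "__main__":
    for long, short in predictable_short_names(SAMPLE).items():
        print(f"{long:22} -> {short}")
```

The random digits never reach the short alias, which is the predictability the advisory describes; the advisory's fix moves the directory, and as a general Windows option (not mentioned in the advisory) disabling short-name creation on the NTFS volume with `fsutil behavior set disable8dot3 1` stops the alias from being created for new files at all.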
======================================================================
4) Solution
Change the default directory for Temporary Internet Files
(this may affect functionality):
Java Control Panel -> Settings... -> Location
======================================================================
5) Time Table
06/07/2004 - Weakness discovered.
06/07/2004 - Vendor notified.
08/07/2004 - Vendor response.
10/11/2004 - Vendor confirms the weakness.
09/02/2005 - Public disclosure.
======================================================================
6) Credits
Discovered by Andreas Sandblad, Secunia Research.
======================================================================
7) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
8) Verification
Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-7/advisory/
======================================================================