Highly critical

Sun Java JRE Insecure Executable Loading Vulnerability


Release Date:  2011-07-11    Last Update:  2011-09-23    Views:  37,419

Secunia Advisory SA45173

Where: From remote
Impact: System access
Solution Status: Unpatched
CVE Reference(s): No CVE references.

Description


ACROS Security has discovered a vulnerability in Sun Java, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by the application loading an executable file in an insecure manner when an out-of-memory condition occurs. This can be exploited to execute arbitrary programs by tricking a user into e.g. opening an HTML file, which loads an applet located on a remote WebDAV or SMB share.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in versions 6 update 26 (build 1.6.0_26-b03) and 6 update 27 (build 1.6.0_27-b07). Other versions may also be affected.


Solution:
Do not open untrusted files.

Provided and/or discovered by:
Jure Skofic and Simon Raner, ACROS Security.

Original Advisory:
http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Sun Java JRE Insecure Executable Loading Vulnerability

Maurice Joyce RE: Sun Java JRE Insecure Executable Loading Vulnerability
Handling Contributor 28th Aug, 2011 09:13
Score: 11309
Posts: 8,721
User Since: 4th Jan 2009
System Score: N/A
Location: UK
U will all note there has been little response on this thread because U have all "tagged on" to a Secunia vulnerability information report reserved for that purpose & for technical input from whatever source.

As U can see the vulnerability is extant.

The user thread which has useful information & should help U all is here:

http://secunia.com/community/forum/thread/show/113...

Woody77

JAVA 6 Update 27 is a bug fix/makes cosmetic changes to the previous version. It DOES NOT fix the vulnerability therefore is somewhat irrelevant to the subject matter.

If problems remain I strongly advise U create your own threads.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+7
-4
Jersey_Devil RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 24th Sep, 2011 10:00
Score: 9
Posts: 26
User Since: 29th Apr 2010
System Score: N/A
Location: US
Does Oracle plan on patching this anytime during this millennium?

--
Gateway NV59C
Win 7 HP SP1 x64, XP Home SP3
FFox latest Ex-PLODE-r 11
PSI v2 MVPS Hosts
Avast 9 FREE
Was this reply relevant?
+3
-4

mbarley42 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 21st Oct, 2011 15:50
Score: -4
Posts: 40
User Since: 17th Jun 2011
System Score: N/A
Location: HR
Last edited on 21st Oct, 2011 15:57
In fact, JRE 7 is officially out, see:

http://www.oracle.com/technetwork/java/javase/down...

However, a direct link to JRE 7u01 isn't obvious, so I recommend the link Secunia PSI provides as a solution when basic JRE 7 shows as having a problem.

Marv


--
Be the change you wish to see in the world.
Mahatma Gandhi
Was this reply relevant?
+3
-2

mbarley42 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 21st Oct, 2011 18:18
Score: -4
Posts: 40
User Since: 17th Jun 2011
System Score: N/A
Location: HR
(unknown source)

PS: PSI does not recognize JRE 7, most probably because it has not been officially launched by Java yet?


Forgive me for correcting you, but PSI officially recognizes JRE 7.0.0 and as having a CATEGORY 4 threat, offering as a solution a link to JRE 7u01. This is for x86 platform.

You might be still having problems, to repeat, with JRE 6u29 left behind and opening a window of opportunity for CATEGORY 4 attack.

Please do select above quoted link and install. Download providers give link to JRE 7u01 directly, but such updates may have lesser authority and/or warranty.

Marv


--
Be the change you wish to see in the world.
Mahatma Gandhi
Was this reply relevant?
+3
-3
ddmarshall RE: Sun Java JRE Insecure Executable Loading Vulnerability
Dedicated Contributor 21st Oct, 2011 18:28
Score: 1172
Posts: 940
User Since: 8th Nov 2008
System Score: 100%
Location: UK
None of these posts provide any information about this vulnerability.

If it is being asserted that Java 1.7.1 fixes this vulnerability, can you provide a link to the announcement from Oracle stating this?

The original Acros article says that changing the way the JRE loads the configuration file from the current working directory would be likely to break many applications. I have yet to see anything from Oracle acknowledging this as a bug.
The latest Acros blog says that the vulnerability still exists on 1.6.29. It seems unlikely that it would be fixed in 1.7.1 and not in 1.6.29.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+7
-1
randun RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 21st Oct, 2011 18:59
Score: 2
Posts: 22
User Since: 14th Jun 2011
System Score: 98%
Location: US
(unknown source)
Forgive me for correcting you, but PSI officially recognizes JRE 7.0.0 and as having a CATEGORY 4 threat, offering as a solution a link to JRE 7u01. This is for x86 platform.

You might be still having problems, to repeat, with JRE 6u29 left behind and opening a window of opportunity for CATEGORY 4 attack.

Please do select above quoted link and install. Download providers give link to JRE 7u01 directly, but such updates may have lesser authority and/or warranty.

Marv


Forgiveness certainly not necessary. I'll gladly eat crow as PSI did recognize v7 after deleting v6. Since it appears that all previous versions of JRE have some sort of vulnerability associated with them, I don't understand why Java provides the option in its CP to select which version you wish to run.

--
Randy
Was this reply relevant?
+5
-4

Maurice Joyce RE: Sun Java JRE Insecure Executable Loading Vulnerability
Handling Contributor 21st Oct, 2011 20:09
Score: 11309
Posts: 8,721
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Randy,
It is a pity U see it that way but the observation made to which U have commented should be seen as helpful.

This particular thread was created by Secunia in August 2011 & refers to this Advisory:
http://secunia.com/advisories/45173

Even then I commented (see above) to those discussing that vulnerability that this was not the correct place (and why) & they should really create their own thread.

U have "tagged on" to a hi-jack by @mbarley22 which clearly points to this Advisory:
http://secunia.com/advisories/46512/

The voting system is geared on relevance to the Original Thread Created & there is nothing technical being discussed about the original advisory which makes all posts irrelevant. On that basis Forum members vote, hence (I have not voted) the negative scores now & possibly more to follow as members read the various posts (incorrectly) created.

If U care to open your own thread under Open Discussion or Programs (Oracle JAVA) I think U will find a free flow of information & help if required.

Hope this helps.




--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+5
-6
mbarley42 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 22nd Oct, 2011 10:38
Score: -4
Posts: 40
User Since: 17th Jun 2011
System Score: N/A
Location: HR
Last edited on 22nd Oct, 2011 10:43
(unknown source)


The voting system is geared on relevance to the Original Thread Created & there is nothing technical being discussed about the original advisory which makes all posts irrelevant. On that basis Forum members vote, hence (I have not voted) the negative scores now & possibly more to follow as members read the various posts (incorrectly) created.


Yes, but if we pointed to solution to vulnerability (upgrade to JRE 7u01 by a Secunia PSI provided link), then it is not so much off topic. (The problem might be that I first got alarmed to existence of solution by FileHippo download provider, but it is not a competition product, it is rather orthogonal as it provides user side view and not security weight of upgrades.)

This Sun (Oracle) hole was a thorn in my side for such a long time that I got over joyful when patch finally came, like the poor widow who found a coin and had to tell all her friends. :-)

Regards,
Marv


--
Be the change you wish to see in the world.
Mahatma Gandhi
Was this reply relevant?
+3
-3
mbarley42 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 23rd Oct, 2011 09:34
Score: -4
Posts: 40
User Since: 17th Jun 2011
System Score: N/A
Location: HR
Last edited on 23rd Oct, 2011 09:56
(unknown source)

The latest Acros blog says that the vulnerability still exists on 1.6.29. It seems unlikely that it would be fixed in 1.7.1 and not in 1.6.29.


It is true, PSI scan confirms this 1.6.x line including JRE 6u29 doesn't fix the problem. Your observation is correct.

However, 1.7.1 works in preliminary tests, so I upgraded in my test machines, but not labs.

Rgdz,
Marv

P.S. BTW, I gave you a point +, because I am not having bad feelings about negative score from you.



--
Be the change you wish to see in the world.
Mahatma Gandhi
Was this reply relevant?
+1
-2
mbarley42 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 24th Oct, 2011 05:35
Score: -4
Posts: 40
User Since: 17th Jun 2011
System Score: N/A
Location: HR
On the other hand, judging negative just _everything_ randun and I had said seems more like a score bullying.

I have PSI score behind me to back up my words.

Marv


--
Be the change you wish to see in the world.
Mahatma Gandhi
Was this reply relevant?
+0
-1
ligeia RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 17th Dec, 2011 23:10
Score: -1
Posts: 2
User Since: 17th Dec 2011
System Score: N/A
Location: AT
Last edited on 17th Dec, 2011 23:14
I'm new in the forum. I'm just looking for CLEAR (if possible...) information about Java. At the moment I'm running JRE 1.6.30, and Secunia detected it as 4 threat rating (though in the advisory the vulnerability is confirmed only in version 26 and 27, but probably all the Java 6 versions are affected; just for browsing, of course). Well, is it suggested to update to JRE 1.7.2 (though still in beta-testing...) or is it better to wait for a Java 7 stable release?

Thanks in advance to anyone who will be so kind as to reply.
Was this reply relevant?
+0
-1
Maurice Joyce RE: Sun Java JRE Insecure Executable Loading Vulnerability
Handling Contributor 18th Dec, 2011 01:29
Score: 11309
Posts: 8,721
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Welcome to the Forum.

I can answer the question but U have tagged on to a very old Secunia vulnerability notification.

U will notice from the posts already created on this thread that Secunia are not keen that users "tag on" to their vulnerability reports. Much better to create your own thread.

That said, JAVA remains vulnerable even with version JAVA 6 Update 30 (6.0.300.12) installed.

Updating to a BETA version.

1. Most good vendors releasing BETA versions caveat their use by telling users not to install them/it onto a main working platform.

2. BETA versions can be very buggy - normally there is no support for them because testers are expected to be experienced enough to diagnose any problems & report back to the vendor.

3. PSI does not track BETA.

It really is a personal choice. The bottom line is do U really require JAVA? Windows will work without it. If not required remove it via Control Panel>add/remove.





--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
taffy078 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Contributor 19th Dec, 2011 21:26
Score: 413
Posts: 1,279
User Since: 26th Feb 2009
System Score: 100%
Location: UK
I had a similar problem: http://secunia.com/community/forum/thread/show/117...

And yet again I will say that why oh why do posters in all innocence get negative scores JUST BECAUSE they have posted under a Secunia Vulnerability message?

If it is so important that we ordinary folk mustn't wander into a Vulnerability message, this MUST be highlighted by Secunia: such as "Warning - do NOT post here. If you have something to say, start a new thread."

If everyone then follows this warning, there will be lots of similar new threads.

If everyone ignores it, then many posters will be hacked off just because someone feels that the 'ordinary folk' must NOT wander into a Vulnerability message. That way will cause Secunia to lose members.

SOLUTION: Make it so that no-one can comment in the Vulnerability section.

OMG - this will lose me millions of points!!! C'mon, Secunia teccies - relax. You do a fabulous job so please don't upset members just because they wander by mistake into the Vulnerability asylum!! ;0)



--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+6
-6

taffy078 RE: Sun Java JRE Insecure Executable Loading Vulnerability
Contributor 19th Dec, 2011 21:30
Score: 413
Posts: 1,279
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 19th Dec, 2011 21:31
OMG x 2: My post has appeared twice. Not my fault - honestly. So will I now lose DOUBLE the millions of points?

Chill out - life is too short to nit-pick. Just keep helping all the members who have posted in the "wrong" place! ;0)


--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+6
-6
ligeia RE: Sun Java JRE Insecure Executable Loading Vulnerability
Member 20th Feb, 2012 21:01
Score: -1
Posts: 2
User Since: 17th Dec 2011
System Score: N/A
Location: AT
Last edited on 20th Feb, 2012 21:06
Oh well, just to say I recently upgraded to JRE 1.6.31, detected as patched from Secunia in the Scanresult, but still Highly critical in Secure Browsing (always referring to some old Secunia advisories). I also updated Adobe Flash Player; even in this case, same situation: Secure Browsing still detects Flash Player as Highly critical, always referring to a report related to the previous version. No info about the updated one.

Besides, Pale Moon (9.1) is detected as Highly Critical in Secure Browsing, but referring to a Mozilla Firefox report, as you can see here http://secunia.com/advisories/47816/ . Instead, the correct advisories for Pale Moon are not reported, where it is told that updating to version 9.1 is fine, as you can see here http://secunia.com/advisories/47751/ .

Questions: I don't know if Adobe Flash Player is now safe (I think so), or even if Java 1.6.31 is safe or not, but why is Secunia so SLOW to update its database (both for Flash Player and Java the latest advisories are quite old)? Besides, why, if I run a PC scan, is Pale Moon detected by Secunia as if it is Firefox (Firefox 9 was not safe, and updating to FF10 was required. Pale Moon 9.1 instead is safe)?

I have got a Secunia system score of 100% since years, but if I go in Secure Browsing sometimes I get this report still not updated. What the problem is?

Thanks in advance
Was this reply relevant?
+0
-0
mogs RE: Sun Java JRE Insecure Executable Loading Vulnerability
Expert Contributor 20th Feb, 2012 22:24
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
@ligeia

Please Create your own reply in Programs or Open Discussions section of the forum....this section ...Vulnerabilities....is reserved for specific discussion by Secunia.
I would point out tho', that, in part, you may not be reading the Secure Browsing feature correctly.....tho' you may have fully patched showing in Scan Results....that reflects that you the user have done all you can to patch up.
Tho' fully patched up, various progs/plug-ins may still contain vulnerabilities....the Secure Browsing feature is provided to help more experienced users discern.
Hope this helps you to formulate your new post in another section..........Regards,


--
Was this reply relevant?
+0
-0
