Java Runtime Environment DriverManager doPrivileged block sandbox bypass

2013-05-24T00:00:00
ID SAINT:116AF8634B5A70832986245A74722785
Type saint
Reporter SAINT Corporation
Modified 2013-05-24T00:00:00

Description

Added: 05/24/2013
CVE: CVE-2013-1488
BID: 58504
OSVDB: 91472

Background

Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files.

Problem

A vulnerability in the **java.sql.DriverManager** class allows arbitrary command execution outside the security sandbox. The class makes an implicit call to the **toString()** method from within a **doPrivileged** block, where permission checks no longer take the untrusted calling code into account.

Resolution

Upgrade to the current version of Java SE.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-076/>
<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html>

Limitations

The exploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10. It requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux.

Platforms

Windows
Linux