Lucene search

K
saintSAINT CorporationSAINT:2A2447E1BCC3EED8CC15036CFE02E6AD
HistoryMar 30, 2012 - 12:00 a.m.

Java SE AtomicReferenceArray Unsafe Security Bypass

2012-03-3000:00:00
SAINT Corporation
download.saintcorporation.com
36

EPSS

0.967

Percentile

99.7%

Added: 03/30/2012
CVE: CVE-2012-0507
BID: 52161
OSVDB: 80724

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.
Java Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications.

Problem

In affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server.

Resolution

Apply the Oracle Java SE Critical Patch Update February 2012, upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2.

References

<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html&gt;
<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx&gt;
<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3&gt;

Limitations

This exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows