Java SE AtomicReferenceArray Unsafe Security Bypass

2012-03-30T00:00:00
ID SAINT:6558E3E080367BA482316AE6D48877BA
Type saint
Reporter SAINT Corporation
Modified 2012-03-30T00:00:00

Description

Added: 03/30/2012
CVE: CVE-2012-0507
BID: 52161
OSVDB: 80724

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.
Java Standard Edition (Java SE) includes the Java Virtual Machine, along with a standard set of libraries used by many applications.

Problem

In affected versions of Java SE, the AtomicReferenceArray class uses an Unsafe class to store a reference. Attackers may leverage this weakness to escape the JRE sandbox. If successful, the attackers may then load java code of their choice, which could result in execution of arbitrary code on the target server.

Resolution

Apply the Oracle Java SE Critical Patch Update February 2012, upgrade Java SE to a version later than 7 Update 2, 6 Update 30, 5.0 Update 33, 1.4.2_35, or JavaFX 2.0.2.

References

<http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html>
<http://blogs.technet.com/b/mmpc/archive/2012/03/20/an-interesting-case-of-jre-sandbox-breach-cve-2012-0507.aspx>
<http://weblog.ikvm.net/PermaLink.aspx?guid=cd48169a-9405-4f63-9087-798c4a1866d3>

Limitations

This exploit has been tested against Oracle JRE 7 Update 2 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

Platforms

Windows