Oracle Java Runtime Environment Insecure File Loading

2011-08-08T00:00:00
ID SAINT:DD7A9133DB2E7EFB934E985138D54777
Type saint
Reporter SAINT Corporation
Modified 2011-08-08T00:00:00

Description

Added: 08/08/2011
OSVDB: 74330

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A remote code execution vulnerability has been reported in Oracle's JRE due to insecure loading of a configuration file. The configuration file can be used to set JVM options, resulting in the execution of arbitrary code or commands. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted file with a Java-enabled version of Mozilla Firefox or Apple Safari.

Resolution

Only upload trusted files. Keep the Oracle JRE current in order to obtain a fix when it becomes available.

References

<http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html>
<http://secunia.com/advisories/45173>

Limitations

Exploit works on Oracle JRE 6 Update 26 and the target user must open the exploit file from the specified SMB share in Mozilla Firefox or Apple Safari.

An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified. The program **smbclient** must be available on the SAINT host.

Exploit requires creation of a custom e-mail message specifying an exploit download path '//smb_server/smb_share/default.htm'.

Platforms

Windows