Executive Summary

Summary

Title: Oracle Sun Java fails to properly validate Java applet signatures

Information

Name: VU#507652
Vendor: VU-CERT
Severity (vendor): N/A
First vendor publication: 2010-04-02
Last vendor modification: 2010-04-02
Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Impact subscore: N/A
Exploitability subscore: N/A
Temporal score: N/A
Environmental score: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
CVSS impact score: 6.4
CVSS exploit score: 10.0
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Vulnerability Note VU#507652

Oracle Sun Java fails to properly validate Java applet signatures

Overview

Oracle Sun Java fails to properly validate Java applet signatures, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

I. Description

Signed Java applets can perform actions outside the traditional Java sandbox, including local filesystem access and execution of native code. When a user encounters a signed Java applet in a web page, the JRE shows a dialog asking whether to run the application. The dialog's "Always trust content from this publisher" checkbox is selected by default, so once a user has accepted one signed applet, every later applet whose signature is attributed to that same publisher runs without any further prompt. Please see the CERT Vulnerability Analysis Blog for more details.

Oracle Sun Java contains a critical flaw in the validation of Java applet signatures. This vulnerability can allow an attacker to modify the contents of a signed Java applet without breaking the signature. The Oracle Critical Patch Update lists the following versions as being affected:

Java SE:
  • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
  • JDK 5.0 Update 23 and earlier for Solaris
  • SDK 1.4.2_25 and earlier for Solaris

Java for Business:
  • JDK and JRE 6 Update 18 and earlier for Windows, Solaris, and Linux
  • JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris, and Linux
  • SDK and JRE 1.4.2_25 and earlier for Windows, Solaris, and Linux
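The check that the description above says a signature validator must get right (that the bytes of every entry still match the digests the signer covered, and that no entry was added outside the signer's coverage) as an added example in Python, not code from the CERT note or from Oracle's JRE. It treats the JAR as a ZIP, parses META-INF/MANIFEST.MF, and rejects an entry whose digest no longer matches or that the manifest never covered. It deliberately stops at that layer: it does not verify the .SF file or the PKCS#7 signature block that binds the manifest to the signer's certificate, and it says nothing about where the JRE's own validation went wrong, which the note does not specify. The sample JARs, entry names and bytes are constructed for illustration only.

```python
import base64
import hashlib
import hmac
import io
import zipfile

# Per-entry digest attributes a JAR manifest may carry, mapped to hashlib names.
DIGEST_ATTRS = {"SHA-256-Digest": "sha256", "SHA1-Digest": "sha1"}


def parse_manifest(text):
    """Return {entry_name: {attribute: value}} for the named sections of a
    MANIFEST.MF. Long lines are continued with a leading space, a blank line
    ends a section, and the main section (no Name attribute) is skipped."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # join a continuation line
        else:
            lines.append(raw)
    sections, current = {}, {}
    for line in lines + [""]:             # trailing "" flushes the last section
        if line == "":
            if "Name" in current:
                sections[current["Name"]] = current
            current = {}
            continue
        key, _, value = line.partition(": ")
        current[key] = value
    return sections


def verify_jar(jar_bytes):
    """Check every non-META-INF entry against its manifest digest.
    Returns (ok, problems): a modified entry or an entry the manifest never
    covered makes the JAR fail, which is what a correct validator must do."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/") or name.upper().startswith("META-INF/"):
                continue                  # directories and signature files
            attrs = manifest.get(name)
            if attrs is None:
                problems.append(f"{name}: not covered by manifest (unsigned entry)")
                continue
            data = zf.read(name)
            present = [a for a in DIGEST_ATTRS if a in attrs]
            if not present:
                problems.append(f"{name}: manifest section has no digest attribute")
            for attr in present:
                expected = base64.b64decode(attrs[attr])
                actual = hashlib.new(DIGEST_ATTRS[attr], data).digest()
                if not hmac.compare_digest(expected, actual):
                    problems.append(f"{name}: {attr} mismatch")
    return (not problems, problems)


# --- Constructed sample JARs (illustrative, not real applets) --------------
def build_manifest(entries):
    out = ["Manifest-Version: 1.0", ""]
    for name, data in entries.items():
        digest = base64.b64encode(hashlib.sha256(data).digest()).decode()
        out += [f"Name: {name}", f"SHA-256-Digest: {digest}", ""]
    return "\r\n".join(out) + "\r\n"


def build_jar(entries, manifest_text=None):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text or build_manifest(entries))
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


GOOD_ENTRIES = {
    "com/example/Applet.class": b"\xca\xfe\xba\xbe original bytecode",
    "res/config.txt": b"sandbox=on\n",
}
GOOD_JAR = build_jar(GOOD_ENTRIES)
# Entry body replaced after signing; manifest left exactly as the signer wrote it.
TAMPERED_JAR = build_jar(
    {**GOOD_ENTRIES, "com/example/Applet.class": b"\xca\xfe\xba\xbe patched bytecode"},
    manifest_text=build_manifest(GOOD_ENTRIES))
# Extra class appended after signing; the manifest has no section for it.
INJECTED_JAR = build_jar(
    {**GOOD_ENTRIES, "com/example/Dropper.class": b"\xca\xfe\xba\xbe extra class"},
    manifest_text=build_manifest(GOOD_ENTRIES))

if __name__ == "__main__":
    for label, jar in (("good", GOOD_JAR), ("tampered", TAMPERED_JAR), ("injected", INJECTED_JAR)):
        ok, problems = verify_jar(jar)
        print(f"{label}: {'OK' if ok else 'REJECT'} {problems}")
```

Run stand-alone it accepts the untouched JAR and rejects both the patched entry and the injected one. On a real deployment the full chain is what `jarsigner -verify -verbose` performs: the per-entry digests above, then the .SF file's digest of the manifest, then the PKCS#7 signature over the .SF file; a validator that skips or mis-orders any link in that chain lets modified contents pass as signed.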

II. Impact

By convincing a user to execute a signed Java applet, e.g. by visiting a website, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

III. Solution

Apply an update

This issue has been addressed by the Java updates specified in the Oracle Java Critical Patch Update - March 2010 document.

Disable Java

This and other Java vulnerabilities can be mitigated by disabling Java support in your web browser. Details are available in the Securing Your Web Browser document.

Disable signed Java

Details for disabling signed Java are available in the CERT Vulnerability Analysis Blog entry Signed Java Applet Security: Worse than ActiveX?.

Systems Affected

Vendor                   Status       Date Notified   Date Updated
Oracle Corporation       Vulnerable   -               2010-04-02
Sun Microsystems, Inc.   Vulnerable   2008-10-22      2010-04-02

References

http://www.cert.org/blogs/vuls/2008/06/signed_java_security_worse_tha.html
http://www.oracle.com/technology/deploy/security/critical-patch-updates/javacpumar2010.html
http://java.sun.com/javase/6/docs/technotes/guides/jweb/mixed_code.html
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
http://java.sun.com/j2se/1.4.2/docs/guide/security/spec/security-spec.doc1.html#18313

Credit

Thanks to Brian Bjerre Graversen of Signaturgruppen for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public:2010-03-30
Date First Published:2010-04-02
Date Last Updated:2010-04-02
CERT Advisory: 
CVE-ID(s):CVE-2010-0087
NVD-ID(s):CVE-2010-0087
US-CERT Technical Alerts: 
Metric:27.34
Document Revision:7

Original Source

Url : http://www.kb.cert.org/vuls/id/507652

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:13959
Title: Unspecified vulnerability in the Java Web Start, Java Plug-in component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Description: (same text as the title)
Family: windows
Class: vulnerability
Reference(s): CVE-2010-0087
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): Java Runtime Environment
Java Development Kit
Definition Synopsis:

CPE : Common Platform Enumeration

Type          Description   Count
Application                 321
Application                 356
Application                 101

OpenVAS Exploits

Date Description
2012-03-16 Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe...
File : nvt/gb_VMSA-2011-0003.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-18 (sun-jre-bin sun-jdk emul-linux-x86-j...
File : nvt/glsa_201006_18.nasl
2010-06-07 Name : HP-UX Update for Java HPSBUX02524
File : nvt/gb_hp_ux_HPSBUX02524.nasl
2010-05-28 Name : Java for Mac OS X 10.5 Update 7
File : nvt/macosx_java_for_10_5_upd_7.nasl
2010-05-28 Name : Java for Mac OS X 10.6 Update 2
File : nvt/macosx_java_for_10_6_upd_2.nasl
2010-04-07 Name : Oracle Java SE Multiple Vulnerabilities (Linux)
File : nvt/gb_oracle_java_se_mult_vuln_lin_apr10.nasl
2010-04-07 Name : Oracle Java SE Multiple Vulnerabilities (Windows)
File : nvt/gb_oracle_java_se_mult_vuln_win_apr10.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63497 Oracle Java SE / Java for Business Java Web Start Plug-in Unspecified Unauthe...

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-05-12 IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0027158

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO
2013-02-22 Name : The remote Unix host contains a runtime environment that is affected by multi...
File : oracle_java_cpu_mar_2010_unix.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100331_java__jdk_1_6_0__on_SL4_x.nasl - Type : ACT_GATHER_INFO
2011-02-14 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-100525.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_6_0-ibm-100610.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_java-1_4_2-ibm-100728.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_java-1_5_0-ibm-7077.nasl - Type : ACT_GATHER_INFO
2010-09-03 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12626.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0574.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12623.nasl - Type : ACT_GATHER_INFO
2010-06-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0471.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201006-18.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_6_update2.nasl - Type : ACT_GATHER_INFO
2010-05-19 Name : The remote host has a version of Java that is affected by multiple vulnerabil...
File : macosx_java_10_5_update7.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0383.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0338.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0337.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_java-1_6_0-sun-100331.nasl - Type : ACT_GATHER_INFO
2010-03-30 Name : The remote Windows host contains a runtime environment that is affected by mu...
File : oracle_java_cpu_mar_2010.nasl - Type : ACT_GATHER_INFO
2010-03-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0130.nasl - Type : ACT_GATHER_INFO