Java 1.7.0_21-b11 Code Execution

Test method:

The programs (methods) provided may be offensive in nature and are intended solely for security research and teaching; use them at your own risk!

The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed).

What's interesting is that the new issue is present not only in JRE Plugin / JDK software, but also the recently announced Server JRE as well [1]. Those concerned about a feasibility of exploitation of Java flaws in a server environment should consult Guideline 3-8 of "Secure Coding Guidelines for a Java Programming Language" [2]. It lists the following software components and APIs as potentially prone to the execution of untrusted Java code:
- Sun implementation of the XSLT interpreter,
- Long Term Persistence of JavaBeans Components,
- RMI and LDAP (RFC 2713),
- Many SQL implementations.

In Apr 2012 [3], we reported our first vulnerability report to Oracle corporation signaling multiple security problems in Java SE 7 and the Reflection API in particular. It's been a year since then and to our true surprise, we were still able to discover one of the simplest and most powerful instances of Java Reflection API based vulnerabilities. It looks Oracle was primarily focused on hunting down potentially dangerous Reflection API calls in the "allowed" classes space. If so, no surprise that Issue 61 was overlooked.

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Server JRE (Java SE Runtime Environment) 7 Downloads
http://www.oracle.com/technetwork/java/javase/downloads/server-jre7-downloads-1931105.html
[2] Secure Coding Guidelines for the Java Programming Language, Version 4.0
http://www.oracle.com/technetwork/java/seccodeguide-139067.html
[3] SE-2012-01 Vendors status
http://www.security-explorations.com/en/SE-2012-01-status.html
Posted 2013-04-25 22:19 by 夏虫xm