Quick write up discussing how you can harden OS X to protect yourself from the recent Java vulnerability.
b713cd7d5e08c9c12099198885f57504HITBSecConf2006 Presentation - Pentesting Java/J2EE - Discovering Remote Holes.
d5a23c4ff73ec13b47286f9d67383f36Opera 8.50 is susceptible to a denial of service condition via an applet.
4127abd26949b8d4f5affb8a92ee8c41There is a vulnerability with how JDK is used with Parosproxy that allows the JDBC to be used as an attack path.
4f93b29da59b8ddac3b92b5114da66faAdvisory regarding the ability to denial of service JBoss 4.0.2 with serialized java object due to vulnerabilities in JDK 1.4.2.
ca69972e0ee879de282a47be312f17cdSecure Java Programming - The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.
e4012f9e73716a6dda8711b642802f41Xcon 2005: Java & Secure Programming
88ffcf7b528ea654c44bb935b657e5fdJBoss jBPM suffers from a remote command execution flaw that allows a remote attacker to execute commands with the rights of the JBoss process.
8796fa4fd04467b9e6490dad6668214aMacOSX Java Runtime Environment Remote Denial of Service. Java SDK and JRE contain a flaw which crops up when objects are being de-serialized. This affects servers which are remotely getting data fed over RMI/IIOP, as well as "evil applet" attacks where a user can be persuaded to visit a site and attempt to load an applet.
c00a95239d9949a40ef993dca9a12842A vulnerability in the Java Runtime Environment (JRE) involving object deserialization could be exploited remotely to cause the Java Virtual Machine to become unresponsive, which is a type of Denial-of-Service (DoS). This issue can affect the JRE if an application that runs on it accepts serialized data from an untrusted source. Includes Sun advisory announcing release of JDK 1.4.2_06 and a note from Marc Shoenefeld who discovered the flaw.
90a7b52d93f76377be6e4f3bf4a7f36dOpera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain privileges. This allows for information gathering as well as denial of service effects.
a67b11d7269a7f701fd1a3682d495e7bSun Security Advisory - The XSLT processor included with the Java Runtime Environment (JRE) may allow an untrusted applet to read data from another applet that is processed using the XSLT processor and may allow the untrusted applet to escalate privileges. All variants of Sun Java JRE 1.4.x and Sun Java SDK 1.4.x are affected, except releases 1.4.2_05 and above.
d87c0af157537d5cd6452d44facff79aThe Microsoft Java Virtual Machine suffers from a cross-site communication vulnerability that allows Java applets originating from different domains to communicate.
61ab28abd50ab3af13559c8c4509bfc7Sun-Java-App-Server PE version 8.0 suffers from a path disclosure vulnerability when returning server error 500 pages.
a1340be73e5fa96fb10be66e55cb2789IBM cloudscape SQL Database (DB2J) version 5.1 on Windows with jdk 1.4.2 is vulnerable to remote command injection, denial of service attacks, and information leakage via specially crafted SQL statements.
34808051fb93ae87a4b41af19b89a69dAttached is an exploit that crashes the Pointbase 4.6 database server that comes with the J2EE reference implementation. It is caused by fact that the Pointbase installation coming with j2ee/ri 1.4. is not equipped with an appropriate security manager, thus giving all jars implicitly all permissions. These unlimited permissions can be exploited by an attacker using jdbc to crash the jvm running the pointbase server. Further exploitations possible are information disclosure and remote command injection.
656290e3971e2cf1d90448e0af989f95Illegalaccess.org Security Alert - Openoffice 1.1.0 is vulnerable to a denial of service attack when enabled and a TCP connection to the daemon gets fed a bunch of zeroes.
6379b995196fde39663d7c7af9de8cd2Illegalaccess.org Security Alert - JBoss 3.2.1, the Java server for running J2EE enterprise applications, is vulnerable to denial of service attacks, log manipulation, manipulation of process variables, and arbitrary command injection.
293a3d8fbdf93758ec5f64e0dafc6da2Boss 3.2.1 with Jetty is vulnerable to full JSP source code disclosure when using a null byte.
d63a80b2f8b61a884e79e56655387094A specially constructed Java Applet crashes Opera versions 6.05 and 7.01. Opera's own class files in the opera.jar library are susceptible to a buffer overrun which causes a JVM crash and then crashes Opera.
725fec5e451ee6bf4bcbb1761bddc632This simple java program crashes the VM (at least 1.3.1-b24) on W2K, and is another example of Java-Frontier Bugs.
f832602e94c83b1f5af593fb621d4f03
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed