FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a5934ba8-a376-11e5-85e9-14dae9d210b8java -- multiple vulnerabilities

Oracle reports:

This Critical Patch Update contains 25 new security fixes for Oracle Java SE. 24 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.


Discovery 2015-10-20
Entry 2015-12-15
Modified 2016-01-08
openjdk8
openjdk8-jre
< 8.66.17

openjdk7
openjdk7-jre
< 7.91.02,1

http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
CVE-2015-4835
CVE-2015-4881
CVE-2015-4843
CVE-2015-4883
CVE-2015-4860
CVE-2015-4805
CVE-2015-4844
CVE-2015-4901
CVE-2015-4868
CVE-2015-4810
CVE-2015-4806
CVE-2015-4871
CVE-2015-4902
CVE-2015-4840
CVE-2015-4882
CVE-2015-4842
CVE-2015-4734
CVE-2015-4903
CVE-2015-4803
CVE-2015-4893
CVE-2015-4911
CVE-2015-4872
CVE-2015-4906
CVE-2015-4916
CVE-2015-4908
d5e0317e-5e45-11e2-a113-c48508086173java 7.x -- security manager bypass

US CERT reports:

Java 7 Update 10 and earlier versions of Java 7 contain a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

The Java JRE plug-in provides its own Security Manager. Typically, a web applet runs with a security manager provided by the browser or Java Web Start plugin. Oracle's document states, "If there is a security manager already installed, this method first calls the security manager's checkPermission method with a RuntimePermission("setSecurityManager") permission to ensure it's safe to replace the existing security manager. This may result in throwing a SecurityException".

By leveraging the vulnerability in the Java Management Extensions (JMX) MBean components, unprivileged Java code can access restricted classes. By using that vulnerability in conjunction with a second vulnerability involving the Reflection API and the invokeWithArguments method of the MethodHandle class, an untrusted Java applet can escalate its privileges by calling the the setSecurityManager() function to allow full privileges, without requiring code signing. Oracle Java 7 update 10 and earlier Java 7 versions are affected. The invokeWithArguments method was introduced with Java 7, so therefore Java 6 is not affected.

This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available.

Esteban Guillardoy from Immunity Inc. additionally clarifies on the recursive reflection exploitation technique:

The real issue is in the native sun.reflect.Reflection.getCallerClass method.

We can see the following information in the Reflection source code:

Returns the class of the method realFramesToSkip frames up the stack (zero-based), ignoring frames associated with java.lang.reflect.Method.invoke() and its implementation.

So what is happening here is that they forgot to skip the frames related to the new Reflection API and only the old reflection API is taken into account.

This exploit does not only affect Java applets, but every piece of software that relies on the Java Security Manager for sandboxing executable code is affected: malicious code can totally disable Security Manager.

For users who are running native Web browsers with enabled Java plugin, the workaround is to remove the java/icedtea-web port and restart all browser instances.

For users who are running Linux Web browser flavors, the workaround is either to disable the Java plugin in browser or to upgrade linux-sun-* packages to the non-vulnerable version.

It is not recommended to run untrusted applets using appletviewer, since this may lead to the execution of the malicious code on vulnerable versions on JDK/JRE.


Discovery 2013-01-10
Entry 2013-01-14
openjdk7
gt 0

linux-sun-jdk
ge 7.0 lt 7.11

linux-sun-jre
ge 7.0 lt 7.11

CVE-2013-0433
625617
http://www.oracle.com/technetwork/topics/security/alert-cve-2013-0422-1896849.html
https://partners.immunityinc.com/idocs/Java%20MBeanInstantiator.findClass%200day%20Analysis.pdf