ISS X-Force Database: sun-java-dragdrop-weak-security(36950): Sun Java Web Start drag and drop weak security

Sun Java Web Start drag and drop weak security

sun-java-dragdrop-weak-security (36950)

Medium Risk

Description:

Sun Java Web Start could provide weaker than expected security, caused by an unspecified vulnerability related to improper restrictions on untrusted applications and applets. By persuading a victim to drag and drop a file from an applet to a Desktop application, a remote attacker could exploit this vulnerability to move or copy arbitrary system files with permissions of the Desktop application.

Platforms Affected:

HP, HP-UX B.11.11
HP, HP-UX B.11.23
HP, HP-UX B.11.31
Novell, Linux Desktop 9
Novell, Linux POS 9
Novell, Open Enterprise Server
Novell, Open Enterprise Server
Novell, OpenSUSE 10.2
Novell, OpenSUSE 10.3
Novell, SLE SDK 10 SP1
Novell, SUSE Linux Enterprise Desktop 10 SP1
Novell, SUSE Linux Enterprise Server 10 SP1
Novell, SUSE Linux Enterprise Server 10
RedHat, RHEL Desktop Supplementary 5 Client
RedHat, RHEL Extras 3
RedHat, RHEL Extras 4
RedHat, RHEL Supplementary 5 Server
Sun, JDK 1.5.0 Update7
Sun, JDK 1.5.0 Update5
Sun, JDK 1.5.0 Update4
Sun, JDK 1.5.0 Update3
Sun, JDK 1.5.0 Update2
Sun, JDK 1.5.0 Update8
Sun, JDK 1.5.0 Update9
Sun, JDK 1.5.0 Update11
Sun, JDK 1.5.0 Update1
Sun, JDK 1.5.0 Update10
Sun, JDK 1.5.0 Update12
Sun, JDK 1.6.0 Update1
Sun, JDK 1.6.0 Update2
Sun, JRE 1.3.0 Update5
Sun, JRE 1.3.0
Sun, JRE 1.3.1 Update19
Sun, JRE 1.3.1 Update18
Sun, JRE 1.3.1 Update16
Sun, JRE 1.3.1 Update1
Sun, JRE 1.3.1 Update1a
Sun, JRE 1.3.1 Update20
Sun, JRE 1.4.0
Sun, JRE 1.4.1 Update3
Sun, JRE 1.4.2
Sun, JRE 1.4.2 Update3
Sun, JRE 1.4.2 Update15
Sun, JRE 1.4.2 Update14
Sun, JRE 1.4.2 Update9
Sun, JRE 1.4.2 Update12
Sun, JRE 1.4.2 Update11
Sun, JRE 1.4.2 Update10
Sun, JRE 1.4.2 Update1
Sun, JRE 1.4.2 Update8
Sun, JRE 1.4.2 Update13
Sun, JRE 1.5.0 Update12
Sun, JRE 1.5.0 Update1
Sun, JRE 1.5.0 Update10
Sun, JRE 1.5.0 Update3
Sun, JRE 1.5.0 Update4
Sun, JRE 1.5.0 Update5
Sun, JRE 1.5.0 Update6
Sun, JRE 1.5.0 Update7
Sun, JRE 1.5.0 Update8
Sun, JRE 1.5.0 Update9
Sun, JRE 1.5.0 Update11
Sun, JRE 1.5.0 Update2
Sun, JRE 1.6.0 Update1
Sun, JRE 1.6.0 Update2
Sun, SDK 1.3.1_01
Sun, SDK 1.3.1_01a
Sun, SDK 1.3.1_16
Sun, SDK 1.3.1_18
Sun, SDK 1.3.1_19
Sun, SDK 1.3.1_20
Sun, SDK 1.4.2
Sun, SDK 1.4.2_03
Sun, SDK 1.4.2_08
Sun, SDK 1.4.2_09
Sun, SDK 1.4.2_10
Sun, SDK 1.4.2_11
Sun, SDK 1.4.2_12
Sun, SDK 1.4.2_13
Sun, SDK 1.4.2_14
Sun, SDK 1.4.2_15
SuSE, SLE SDK 10
SuSE, SuSE Linux 10.0
SuSE, SuSE Linux 10.1
SuSE, SuSE SLES 9
VMware, ESX Server 3.5

Remedy:

Refer to Sun Alert ID: 103072 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

Consequences:

File Manipulation

References:

HPSBUX02284 SSRT071483 rev.3, HP-UX Running Java JRE and JDK, Remote Unauthorized Access at http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01234533.
Sun Alert ID: 103072, An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application or Applet Window to a Desktop Application at http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1.
VMSA-2008-0010, Updated Tomcat and Java JRE packages for VMware ESX 3.5 at http://www.vmware.com/security/advisories/VMSA-2008-0010.html.
ASA-2007-428: java-1.5.0-sun security update (RHSA-2007-0963)
ASA-2007-429: An Untrusted Java Web Start Application or Java Applet May Move or Copy Arbitrary Files by Requesting the User to Drag and Drop a File from Application
ASA-2007-495: java-1.5.0-ibm security update (RHSA-2007-1041)
ASA-2008-049: HP-UX Running Java JRE and JDK Remote Unauthorized Access (HPSBUX02284)
ASA-2008-104: java-1.5.0-bea security update (RHSA-2008-0156)
ASA-2008-116: java-1.4.2-bea security update (RHSA-2008-0100)
CVE-2007-5239: Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.
FrSIRT/ADV-2007-3895: HP-UX Security Update Fixes Multiple Java Code Execution Vulnerabilities
FrSIRT/ADV-2008-0609: BEA JRockit Multiple Code Execution and Security Bypass Vulnerabilities
FrSIRT/ADV-2008-1856: VMware ESX Server Security Update Fixes Multiple Vulnerabilities
RHSA-2007-0963: Important: java-1.5.0-sun security update
RHSA-2007-1041: Important: java-1.5.0-ibm security update
RHSA-2008-0100: Moderate: java-1.4.2-bea security update
RHSA-2008-0132: Critical: java-1.4.2-ibm security update
RHSA-2008-0156: Moderate: java-1.5.0-bea security update
SA27009: Sun Java JRE Multiple Vulnerabilities
SA29042: BEA JRockit Multiple Vulnerabilities
SA30676: VMware ESX Server update for Tomcat and Java JRE
SECTRACK ID: 1018814: Java Web Start Bugs Let Remote Users Rename/Copy Files on the Target User's System
SUSE-SA:2007:055: Sun Java security problems
SUSE-SA:2008:025: IBM Java security update

Reported:

Oct 03, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page