Bug 718164 (CVE-2011-2513)

Summary: CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ahughes, aph, dbhole, omajid, security-response-team, slawomir.iwanek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20110720,reported=20110629,source=redhat,cvss2=4.3/AV:N/AC:M/Au:N/C:P/I:N/A:N,rhel-6/icedtea-web=affected,rhel-6/java-1.6.0-openjdk=notaffected,rhel-5/java-1.6.0-openjdk=notaffected,fedora-15/icedtea-web=affected,fedora-14/java-1.6.0-openjdk=affected
Fixed In Version: icedtea-web 1.0.4, icedtea-web 1.1.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-08 04:28:34 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 718180, 718181, 723556, 723557    
Bug Blocks: 717859    

Description Tomas Hoger 2011-07-01 04:57:34 EDT
Omair Majid discovered an information disclosure flaw in the JNLP (Java Network Launching Protocol) implementation used in IcedTea and IcedTea-web. An unsigned Java Web Start application or Java Applet could use this flaw to determine a path to the cache directory (/home/<username>/.netx/cache/) used to store downloaded jars for Web Start application or Applet by querying class's ClassLoader properties. This discloses full path to user's home directory on the local system and user's login name.
Comment 4 Tomas Hoger 2011-07-20 11:02:54 EDT
Created icedtea-web tracking bugs for this issue

Affects: fedora-15 [bug 723556]
Comment 5 Tomas Hoger 2011-07-20 11:02:58 EDT
Created java-1.6.0-openjdk tracking bugs for this issue

Affects: fedora-14 [bug 723557]
Comment 6 errata-xmlrpc 2011-07-27 10:52:45 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1100 https://rhn.redhat.com/errata/RHSA-2011-1100.html