Bug 718164 (CVE-2011-2513)

Summary: CVE-2011-2513 icedtea, icedtea-web: home directory path disclosure to untrusted applications
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ahughes, aph, dbhole, omajid, security-response-team, slawomir.iwanek
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: icedtea-web 1.0.4, icedtea-web 1.1.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-08-08 08:28:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 718180, 718181, 723556, 723557    
Bug Blocks: 717859    

Description Tomas Hoger 2011-07-01 08:57:34 UTC 
Omair Majid discovered an information disclosure flaw in the JNLP (Java Network Launching Protocol) implementation used in IcedTea and IcedTea-web. An unsigned Java Web Start application or Java Applet could use this flaw to determine a path to the cache directory (/home/<username>/.netx/cache/) used to store downloaded jars for Web Start application or Applet by querying class's ClassLoader properties. This discloses full path to user's home directory on the local system and user's login name.
Comment 3 Tomas Hoger 2011-07-20 14:57:45 UTC 
Public now via upstream release:

IcedTea-Web 1.0.4 and 1.1.1
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015171.html

IcedTea6 1.8.9 and 1.9.9
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-July/015170.html

Upstream commits:
http://icedtea.classpath.org/hg/release/icedtea-web-1.0/rev/b29fdd0f4d04
http://icedtea.classpath.org/hg/release/icedtea-web-1.1/rev/c7ce6c0e6227
Comment 4 Tomas Hoger 2011-07-20 15:02:54 UTC 
Created icedtea-web tracking bugs for this issue

Affects: fedora-15 [bug 723556]
Comment 5 Tomas Hoger 2011-07-20 15:02:58 UTC 
Created java-1.6.0-openjdk tracking bugs for this issue

Affects: fedora-14 [bug 723557]
Comment 6 errata-xmlrpc 2011-07-27 14:52:45 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:1100 https://rhn.redhat.com/errata/RHSA-2011-1100.html