Red Hat Bugzilla – Bug 1288070
Suspected security vulnerability in sun.nio.ch.PipeImpl
Last modified: 2015-12-03 15:19:01 EST
sun.nio.ch.PipeImpl creates a TCP/IP socket pair and binds socket sc2 to an ephemeral port on 127.0.0.1. It then generates a 64-bit random number with an insecure random number generator, connects from sc1 to sc2 and sends the generated number. If the received number matches the sent number, the connection is established. Otherwise a new random number is generated and the process is repeated until the numbers match.
On most operating systems there is no access control for loopback TCP/IP connections (in their default configuration), so an attacker can submit their own guess of the random number by exploiting a race condition. This would at most require 2^64 attempts (the usual speed-ups apply). Moreover, the attack can be significantly accelerated by the fact that the random number generator is partially predictable. If CryptGenRandom fails on Microsoft Windows, the seed for the random number generator is java.lang.System#nanoTime and the number of invocations of java.util.Random. Both values can be estimated by the attacker by observing the use of system resources. Otherwise the seed of the random number generator is 64-bit.
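A hardened form of the loopback handshake described in the report, as an added example that is not part of the original report and is not OpenJDK's code: the nonce comes from `SecureRandom`, is compared in constant time, and the accepted connection must also originate from sc1's own local address and port. The class name `LoopbackPairSketch` and the 16-byte nonce size are assumptions made for this sketch.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.ByteBuffer;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class LoopbackPairSketch {
    // CSPRNG instead of a java.util.Random seeded from guessable values
    private static final SecureRandom RNG = new SecureRandom();
    private static final int NONCE_BYTES = 16; // assumed size for this sketch

    /** Returns {sc1, sc2}: a loopback pair verified by nonce and by peer address. */
    static SocketChannel[] open() throws IOException {
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (ServerSocketChannel ssc = ServerSocketChannel.open()) {
            ssc.bind(new InetSocketAddress(lo, 0)); // ephemeral port on loopback
            while (true) {
                byte[] nonce = new byte[NONCE_BYTES];
                RNG.nextBytes(nonce); // fresh nonce for every attempt
                SocketChannel sc1 = SocketChannel.open(ssc.getLocalAddress());
                sc1.write(ByteBuffer.wrap(nonce));
                SocketChannel sc2 = ssc.accept(); // may be another local process
                ByteBuffer got = ByteBuffer.allocate(NONCE_BYTES);
                while (got.hasRemaining() && sc2.read(got) >= 0) { }
                // Accept only a connection that comes from sc1's own address and
                // port and carries the exact nonce (constant-time comparison).
                boolean samePeer = sc2.getRemoteAddress().equals(sc1.getLocalAddress());
                boolean sameNonce = MessageDigest.isEqual(nonce, got.array());
                if (samePeer && sameNonce) return new SocketChannel[] { sc1, sc2 };
                sc1.close(); // wrong peer or wrong nonce: discard both and retry
                sc2.close();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        SocketChannel[] pair = open();
        pair[0].write(ByteBuffer.wrap("ping".getBytes(StandardCharsets.US_ASCII)));
        ByteBuffer in = ByteBuffer.allocate(4);
        while (in.hasRemaining() && pair[1].read(in) >= 0) { }
        System.out.println(new String(in.array(), StandardCharsets.US_ASCII));
        pair[0].close();
        pair[1].close();
    }
}
```

The blocking read on an unexpected peer can still stall the loop, so a production version would also bound the wait on sc2.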
Hello, thank you for reporting this issue. Red Hat only supports OpenJDK on Linux at this time, and this issue appears to affect Windows specifically.
Please report this issue to Oracle directly as they maintain OpenJDK on Windows actively:
Closing issue here.