Bug 436293 - (CVE-2008-1188) CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
URL: http://sunsolve.sun.com/search/docume...
Whiteboard: impact=critical,source=sunsolve,repor...
Keywords: Security
Depends On: 436304 436305 439176 439177 444749 455574 455726
Reported: 2008-03-06 07:42 EST by Marc Schoenefeld
Modified: 2011-09-29 21:12 EDT
Doc Type: Bug Fix
Last Closed: 2011-09-29 21:12:14 EDT
Description Marc Schoenefeld 2008-03-06 07:42:23 EST
Three buffer overflow security vulnerabilities in Java Web Start may
independently allow an untrusted Java Web Start application that is downloaded
from a website to elevate its privileges. For example, an untrusted Java Web
Start application may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the untrusted
application.

A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to elevate its privileges. For example, an application may grant
itself permissions to read and write local files or execute local applications
that are accessible to the user running the untrusted application.

A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to create files on the system that the untrusted application runs on
and leverage these files to run local applications with the privileges of the
user running the untrusted Java Web Start application.
Comment 2 Marc Schoenefeld 2008-03-13 05:13:21 EDT
CVE-2008-1188: 

http://www.securityfocus.com/archive/1/489466/30/0/threaded

-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun Java Web Start. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.

The specific flaw exists in the useEncodingDecl() function used while
checking xml based JNLP files for UTF8 characters. When a user downloads
a malicious JNLP file, the data immediately preceding the opening of the
xml tag is read into a static buffer. If an overly long key name in the
xml header is included, a stack based buffer overflow occurs, resulting
in an exploitable condition.
Comment 3 Marc Schoenefeld 2008-03-13 05:16:17 EDT
More on CVE-2008-1188: 

http://www.securityfocus.com/archive/1/489467/30/0/threaded

The specific flaw exists in the useEncodingDecl() function used while
parsing the xml header character encoding attribute. When a user
downloads a malicious JNLP file, the charset value is read into a static
buffer. If an overly long charset name in the xml header is included, a stack
based buffer overflow occurs, resulting in an exploitable condition.
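
Added example, not part of the bug report and not Sun's code: a C routine showing the length check whose absence Comments 2 and 3 describe, copying the `encoding` value of an XML declaration into a fixed-size buffer only while it fits. The names `parse_encoding_decl`, `ENC_MAX` and the `ENC_*` return codes are hypothetical, and the 40-character cap is an assumed policy value.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ENC_MAX 40 /* assumed policy cap on charset-name length */
enum { ENC_OK = 0, ENC_ABSENT = -1, ENC_MALFORMED = -2, ENC_TOO_LONG = -3 };

/* Hypothetical routine (not Sun's code): copy the value of encoding="..."
 * from an XML declaration into out, writing at most out_cap bytes. */
int parse_encoding_decl(const char *hdr, size_t hdr_len,
                        char *out, size_t out_cap)
{
    static const char key[] = "encoding";
    const size_t klen = sizeof key - 1;
    size_t i, n = 0;
    int rc = ENC_OK;
    char quote;

    if (out == NULL || out_cap == 0) return ENC_MALFORMED;
    out[0] = '\0';

    /* Find the attribute name; input is length-delimited, not NUL-terminated. */
    for (i = 0; i + klen <= hdr_len; i++)
        if (memcmp(hdr + i, key, klen) == 0) break;
    if (i + klen > hdr_len) return ENC_ABSENT;
    i += klen;

    while (i < hdr_len && isspace((unsigned char)hdr[i])) i++;
    if (i >= hdr_len || hdr[i++] != '=') return ENC_MALFORMED;
    while (i < hdr_len && isspace((unsigned char)hdr[i])) i++;
    if (i >= hdr_len || (hdr[i] != '"' && hdr[i] != '\'')) return ENC_MALFORMED;
    quote = hdr[i++];

    /* XML 1.0 EncName: [A-Za-z] ([A-Za-z0-9._] | '-')* */
    for (; i < hdr_len && hdr[i] != quote; i++, n++) {
        unsigned char c = (unsigned char)hdr[i];
        int ok = (n == 0) ? isalpha(c)
                          : (isalnum(c) || c == '.' || c == '_' || c == '-');
        if (!ok) { rc = ENC_MALFORMED; break; }
        /* Length is checked before every write, leaving room for the NUL. */
        if (n + 1 >= out_cap || n >= ENC_MAX) { rc = ENC_TOO_LONG; break; }
        out[n] = (char)c;
    }
    if (rc == ENC_OK && (i >= hdr_len || n == 0)) rc = ENC_MALFORMED;
    out[rc == ENC_OK ? n : 0] = '\0'; /* never hand back a partial name */
    return rc;
}
```

An over-long or malformed value is rejected with an empty output buffer rather than truncated, so the caller cannot mistake a clipped name for a valid charset.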
Comment 5 Mark J. Cox (Product Security) 2008-04-01 08:06:59 EDT
Note that CVE-2008-1191 did not affect JDK5 and therefore should not be listed
in the advisory or the bug as it was not affected.