Bug 436293 (CVE-2008-1188, CVE-2008-1189, CVE-2008-1190) - CVE-2008-1188 Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)
Status: CLOSED ERRATA
Alias: CVE-2008-1188, CVE-2008-1189, CVE-2008-1190
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
URL: http://sunsolve.sun.com/search/docume...
Depends On: 436304 436305 439176 439177 444749 455574 455726
Reported: 2008-03-06 12:42 UTC by Marc Schoenefeld
Modified: 2019-09-29 12:24 UTC (History)

Doc Type: Bug Fix
Last Closed: 2011-09-30 01:12:14 UTC

Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2008:0186 | 0 | normal | SHIPPED_LIVE | Critical: java-1.5.0-sun security update | 2008-03-06 22:11:54 UTC
Red Hat Product Errata | RHSA-2008:0210 | 0 | normal | SHIPPED_LIVE | Critical: java-1.5.0-ibm security update | 2008-04-03 16:19:20 UTC
Red Hat Product Errata | RHSA-2008:0267 | 0 | normal | SHIPPED_LIVE | Critical: java-1.6.0-ibm security update | 2008-05-19 15:30:31 UTC
Red Hat Product Errata | RHSA-2008:0638 | 0 | normal | SHIPPED_LIVE | Low: Red Hat Network Satellite Server IBM Java Runtime security update | 2008-08-13 14:19:37 UTC

Description Marc Schoenefeld 2008-03-06 12:42:23 UTC
Three buffer overflow security vulnerabilities in Java Web Start may
independently allow an untrusted Java Web Start application that is downloaded
from a website to elevate its privileges. For example, an untrusted Java Web
Start application may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the untrusted
application.

A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to elevate its privileges. For example, an application may grant
itself permissions to read and write local files or execute local applications
that are accessible to the user running the untrusted application.

A vulnerability in Java Web Start may allow an untrusted Java Web Start
application to create files on the system that the untrusted application runs on
and leverage these files to run local applications with the privileges of the
user running the untrusted Java Web Start application.

Comment 2 Marc Schoenefeld 2008-03-13 09:13:21 UTC
CVE-2008-1188: 

http://www.securityfocus.com/archive/1/489466/30/0/threaded

-- Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun Java Web Start. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.

The specific flaw exists in the useEncodingDecl() function used while
checking XML-based JNLP files for UTF8 characters. When a user downloads
a malicious JNLP file, the data immediately preceding the opening of the
XML tag is read into a static buffer. If an overly long key name in the
XML header is included, a stack-based buffer overflow occurs, resulting
in an exploitable condition.

Comment 3 Marc Schoenefeld 2008-03-13 09:16:17 UTC
More on CVE-2008-1188: 

http://www.securityfocus.com/archive/1/489467/30/0/threaded

The specific flaw exists in the useEncodingDecl() function used while
parsing the XML header character encoding attribute. When a user
downloads a malicious JNLP file, the charset value is read into a static
buffer. If an overly long charset name in the XML header is included, a
stack-based buffer overflow occurs, resulting in an exploitable condition.
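
A sketch of the bounded parsing that the flaws described in comments 2 and 3 call for, added here as an illustration and not taken from Sun's code or from this bug: it reads each attribute name and the encoding value of the XML declaration into fixed-size buffers and rejects over-long input instead of copying it. The function names, return codes and the KEY_MAX/VAL_MAX limits are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define KEY_MAX 32 /* assumed limits for this sketch, not Sun's values */
#define VAL_MAX 64
enum { DECL_OK = 0, DECL_NONE = 1, DECL_MALFORMED = -1, DECL_TOO_LONG = -2 };

/* Copy n bytes only if they fit with the terminator; reject, never truncate. */
static int copy_bounded(char *dst, size_t dstsz, const char *src, size_t n) {
    if (n >= dstsz) return DECL_TOO_LONG;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return DECL_OK;
}
static const char *skip_ws(const char *p, const char *end) {
    while (p < end && isspace((unsigned char)*p)) p++;
    return p;
}

/* Extract encoding="..." from the declaration at the start of buf[0..len). */
int read_encoding_decl(const char *buf, size_t len, char *enc, size_t encsz) {
    const char *p = buf, *end = buf + len, *k, *v;
    char key[KEY_MAX], quote;
    if (len < 5 || memcmp(p, "<?xml", 5) != 0) return DECL_NONE;
    for (p += 5;;) {
        p = skip_ws(p, end);
        if (p >= end) return DECL_MALFORMED;
        if (*p == '?') return DECL_NONE; /* declaration ended, no encoding */
        for (k = p; p < end && *p != '=' && *p != '?' && !isspace((unsigned char)*p);) p++;
        if (copy_bounded(key, sizeof key, k, (size_t)(p - k)) != DECL_OK) return DECL_TOO_LONG;
        p = skip_ws(p, end);
        if (p >= end || *p++ != '=') return DECL_MALFORMED;
        p = skip_ws(p, end);
        if (p >= end || (*p != '"' && *p != '\'')) return DECL_MALFORMED;
        for (quote = *p++, v = p; p < end && *p != quote;) p++;
        if (p >= end) return DECL_MALFORMED; /* unterminated value */
        if (strcmp(key, "encoding") == 0) return copy_bounded(enc, encsz, v, (size_t)(p - v));
        if ((size_t)(p - v) >= VAL_MAX) return DECL_TOO_LONG;
        p++; /* step past the closing quote */
    }
}

int main(void) {
    const char doc[] = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><jnlp/>"; /* constructed */
    char enc[VAL_MAX] = "";
    int rc = read_encoding_decl(doc, sizeof doc - 1, enc, sizeof enc);
    printf("rc=%d encoding=%s\n", rc, enc);
    return 0;
}
```

Every copy is driven by a measured length checked against the destination size, so an over-long attribute name or charset value ends parsing with DECL_TOO_LONG rather than writing past the buffer.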

Comment 5 Mark J. Cox 2008-04-01 12:06:59 UTC
Note that CVE-2008-1191 did not affect JDK5 and therefore should not be listed
in the advisory or the bug as it was not affected.

