Red Hat Bugzilla – Bug 672262
CVE-2011-0025 IcedTea jarfile signature verification bypass
Last modified: 2015-08-19 05:03:30 EDT
Omair Majid discovered that there are more problems with jar verification that
Ville Skyttä found (bug #671269). Essentially, there was no multiple signer
handling at all. This means it would be possible (with the current code) to make netx display either the wrong cert, or even no cert at all with a carefully crafted jnlp app. This means that in certain cases the user is not even notified and untrusted code is run with the full privileges of the user.
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0025 to
the following vulnerability:
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does
not properly verify signatures for JAR files that (1) are "partially
signed" or (2) signed by multiple entities, which allows remote
attackers to trick users into executing code that appears to come from
a trusted source.