Summary: | <dev-java/icedtea6-bin-1.9.4 JNLP security manager bypass (CVE-2010-4351) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andrew John Hughes <gnu_andrew> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | java |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=663680 | ||
Whiteboard: | C2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 215614, 247140, 346799, 353418 |
Description
Andrew John Hughes
2011-01-18 14:57:20 UTC
Quoting $URL: It was discovered that the JNLPSecurityManager in certain cases failed to properly implement the security policy, and did not throw an exception to prevent completion of a possibly unsafe or sensitive operation and simply returned from the checkPermission method. Any service relying on the SecurityManager.checkPermission() method to throw an exception then incorrectly assumed that the permission was granted. (In reply to comment #0) > Updated ebuilds in java-overlay. In tree as well, for the source dev-java/icedtea package. Now building icedtea6-bin. CVE-2010-4351 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351): The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader. The version bump for dev-java/icedtea caused bug 352314 Done, please stabilize dev-java/icedtea6-bin-1.9.4 x86 stable amd64 ok amd64 done. Thanks Agostino Thanks, folks. Added to existing GLSA request. This issue was resolved and addressed in GLSA 201406-32 at http://security.gentoo.org/glsa/glsa-201406-32.xml by GLSA coordinator Mikle Kolyada (Zlogene). |