February 28, 2021

Java Security Hole Left Unplugged for 2 Years

  • By Developer.com Staff

A security expert, Sami Koivu, discovered a critical security flaw in Java and reported it to Sun in 2008, but it's still not fixed.

"This bug reaches the severity threshold where ideally I wouldn't talk about it until a fix has been issued, but as the Facebook relationship status would put it: It's complicated," Koivu said.

By manipulating a JFileChooser object using a Timer and ActionListeners, a hacker can not only view a user's file system but also create folders, move and rename files, or do pretty much whatever she wants from within an applet. That's not supposed to be possible.

Normally, this type of security flaw would be considered a zero-day threat, or a candidate for the Zero Day Initiative (ZDI).

"It doesn't qualify for ZDI because I already notified Sun by myself in 2008 about various vulnerabilities, first via their bug tracking (I didn't know any better) system and later on via e-mail to their security address, which resulted in the famous Calendar Serialization issue getting fixed," Koivu explained. "This JFileChooser issue just never got fixed. To be clear: after 2008, they never got back to me and I didn't harass them to fix it."

The bug could be used for delayed Remote Code Execution. "For example, a .jar might be moved from the Java Cache into the Java extension folder which has higher permissions. Or imagine an executable posing as an image, which gets renamed, then moved to a system folder," Koivu said.


Originally published on https://www.developer.com.

This article was originally published on February 9, 2011
