[Noisebridge-discuss] hijacking old java runtime environments
Brian Johnson
noisebridge at dogtoe.com
Sat Jun 6 21:06:09 UTC 2009
There is a known security exploit for JRE 6u13 which allows the remote
execution of code. This could have been used to access old versions of the
JRE.
http://www.milw0rm.com/exploits/8665
- Brian
On Sat, Jun 6, 2009 at 12:48 PM, Kristian Erik Hermansen <
kristian.hermansen at gmail.com> wrote:
> Hello!
>
> I am currently researching methods that allow a malicious website to
> load previously installed Java runtime environments. A common issue
> is that even after updating Sun's JRE (on Windows), most users do not
> remove the older versions, which is a potential vector for abuse. We
> logged one of our internal employees getting hijacked in this way,
> even though they had (and we confirmed using the logs) the latest Sun
> JRE 6u13. However, using methods I will not detail just yet, the
> website was able to convince the browser to load JRE 6u5, which has a
> myriad of known security issues. The website in question attempted to
> load all previous JRE versions (starting at the oldest
> chronologically), in a brute force manner, until one that was
> installed was enumerated and exploited.
>
> If you have done any research in this area, or know of anyone who can
> point to technical documents that might expose other related attack
> vectors, please do let me know. Or we could have a discussion here in
> this thread if others are interested in how this website was able to
> do this. However, I want to save the specific details for a tech
> paper/conference since I have never heard of anyone doing this before
> and it might be 0day. We have never seen it in our environment and we
> process many terabytes of log data per month...
>
> Cheers,
> --
> Kristian Erik Hermansen
>
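An added example, not part of the original thread: a defender-side audit for the condition the quoted message describes, where older JREs stay installed beside the updated one. It assumes a per-host list of Java install directory names has already been collected; the host names and the sample inventory are constructed.

```python
import re

# Sun's two spellings of one release: short "6u13" and directory "jre1.6.0_13".
_SHORT = re.compile(r"^(\d+)u(\d+)$")
_DIR = re.compile(r"^(?:jre|jdk)?1\.(\d+)\.0(?:_(\d+))?$")

def parse_jre(name):
    """Return (family, update) for a version label, or None if unrecognised."""
    name = name.strip().lower()
    m = _SHORT.match(name)
    if m:
        return int(m.group(1)), int(m.group(2))
    m = _DIR.match(name)
    if m:
        # A directory with no "_NN" suffix is the initial release (update 0).
        return int(m.group(1)), int(m.group(2) or 0)
    return None

def stale_jres(inventory):
    """Map host -> sorted list of installed JREs older than that host's newest."""
    report = {}
    for host, names in inventory.items():
        parsed = {v for v in map(parse_jre, names) if v is not None}
        if not parsed:
            continue
        newest = max(parsed)
        old = sorted(v for v in parsed if v < newest)
        if old:
            report[host] = ["%du%d" % v for v in old]
    return report

# Constructed sample inventory (hypothetical host names), standing in for a
# listing of the Java install directory on each Windows workstation.
SAMPLE = {
    "ws-014": ["jre1.6.0_13", "jre1.6.0_05", "jre1.5.0_11", "readme.txt"],
    "ws-022": ["jre1.6.0_13"],
    "ws-031": ["6u13", "jre1.6.0_13", "jre1.6.0"],
}

if __name__ == "__main__":
    for host, old in sorted(stale_jres(SAMPLE).items()):
        print(host, "still has", ", ".join(old))
```

A host appears in the report only when something older than its newest JRE is still present, so a fully patched host with leftovers is flagged while a host with a single current JRE is not.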