From owner-freebsd-java Mon Apr 5 11:52: 2 1999 Delivered-To: freebsd-java@freebsd.org Received: from picnic.mat.net (picnic.mat.net [206.246.122.133]) by hub.freebsd.org (Postfix) with ESMTP id 347A2154AC for ; Mon, 5 Apr 1999 11:51:40 -0700 (PDT) (envelope-from chuckr@mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.3/8.8.5) with ESMTP id OAA07783 for ; Mon, 5 Apr 1999 14:47:55 -0400 (EDT) Date: Mon, 5 Apr 1999 14:47:55 -0400 (EDT) From: Chuck Robey To: FreeBSD-java@FreeBSD.org Subject: Fwd: New Hole in Java 2 (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I got this from the cryptography@c2.net list, and it seemed very appropriate to repost it here. Some headers cut, except the last one. --- begin forwarded text Date: Mon, 5 Apr 1999 09:44:29 -0400 (EDT) To: fm@union.co.uk Subject: New Hole in Java 2 From: gem@rstcorp.com (Dr. Gary McGraw) Reply-To: gem@rstcorp.com Dear Fearghas McKay, Karsten Sohr at the University of Marburg in Germany (email sohr@mathematik.uni-marburg.de) has discovered a very serious security flaw in several current versions of the Java Virtual Machine, including Sun's JDK 1.1 and Java 2 (a.k.a. JDK 1.2), and Netscape's Navigator 4.x. (Microsoft's latest JVM is not vulnerable to this attack.) The flaw allows an attacker to create a booby-trapped Web page, so that when a victim views the page, the attacker seizes control of the victim's machine and can do whatever he wants, including reading and deleting files, and snooping on any data and activities on the victim's machine. The flaw is in the "byte code verifier" component of the JVM. Under some circumstances the verifier fails to check all of the code that is loaded into the JVM. Exploiting the flaw allows the attacker to run code that has not been verified; this code can set up a type confusion attack (see our book "Securing Java" for details http://www.securingjava.com) which leads to a full-blown security breach. We have verified that the flaw exists and is serious. An attack applet has been developed in the lab to exploit the flaw. Sun and Netscape have been notified about the flaw and they are working on a fix. Thanks for your interest in Java Security, Dr. Gary McGraw Prof. Edward W. Felten Reliable Software Technologies Secure Internet Programming Lab gem@rstcorp.com Dept. of Computer Science Princeton University http://www.securingjava.com felten@cs.princeton.edu --- end forwarded text --- end forwarded text ----------------- Robert A. Hettinga Philodox Financial Technology Evangelism 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message