Bugtraq mailing list archives
JDK 1.1.1 & HotJava 1.0 vulnerability
From: aleph1 () DFW NET (Aleph One)
Date: Wed, 30 Apr 1997 13:16:48 -0500
http://www.cs.princeton.edu/sip/News.html

April 1997: We found a serious security flaw in version 1.1.1 of the Java Development Kit (JDK) and version 1.0 of the HotJava browser, both from Sun.

These systems allow digitally signed applets. If an applet's signer is labelled as trusted by the local system, then the applet is not subject to the normal security restrictions. The flaw we found allows an applet to change the system's idea of who signed it. The applet can get a list of all the signers known to the local system, determine which if any of those signers is trusted, and then the applet can relabel itself so it appears to have been signed by a trusted signer. The result is that the applet can completely evade Java's security mechanisms.

JavaSoft says that the flaw will be fixed in the next release (1.1.2) of the JDK. The Netscape and Microsoft browsers are not affected, since they do not currently support the JDK 1.1 code-signing API.

More details will appear here once the flaw has been fixed.

Aleph One / aleph1 () dfw net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01