Nytro

Security Vulnerabilities in Java SE

Security Vulnerabilities in Java SE

Technical Report

Ver. 1.0.2

SE-2012-01 Project

INTRODUCTION

Java has been within our interest for nearly a decade. We've been breaking it with success since 2002 and are truly passionate about it. Regardless of the many changes that had occurred in the Rich Internet Application's[1] space, Java is still present in the vast number of desktop computers. According to some published data[2], Java is installed on 1.1 billion desktops and there are 930 million Java Runtime Environment downloads each year. These numbers speak for themselves and it's actually hard to ignore Java when it comes to the security of PC computers these days. Java is also one of the most exciting and difficult to break technologies we have ever met with. Contrary to the common belief, it is not so easy to break Java. For reliable, non-memory-corruption-based exploit code, usually more than one issue needs to be combined together to achieve a full JVM sandbox compromise. This alone is both challenging and demanding as it usually requires a deep knowledge of a Java VM implementation and the tricks that can be used to break its security.

The primary goal of this paper is to present the results of a security research project (codenamed SE-2012-01[3]) that aimed to verify the state of Java SE security in 2012. Although it includes information about new vulnerabilities and exploitation techniques, it relies on the results obtained and reported to the vendor[4] back in 2005. The techniques and exploitation scenarios discovered seven years ago are still valid for Java. What's even more surprising is that multiple new instances of certain types of vulnerabilities could be found in the latest 7th incarnation of Java SE software. The other goal of this paper is to educate users, developers and possibly vendors about security risks associated with certain Java APIs. We also want to show the tricky nature of Java security. In the first part of this paper, a quick introduction to the Java VM security architecture and model will be made. It will be followed by a brief description of the Reflection API, its implementation and shortcomings being the result of certain design / implementation choices. We will discuss in detail the possibilities for abuse that the Reflection API creates. The second part of the paper will present exploitation techniques and vulnerabilities found during the SE-2012-01 project. We will show how single and quite innocent-looking Java security breaches can lead to serious, full-blown compromises of a Java security sandbox. Technical details of sample (most interesting) vulnerabilities that were found during the SE-2012-01 research project will also be presented. The paper will wrap up with a few summary words regarding security of Java technology and its future.

Download:

http://www.security-explorations.com/materials/se-2012-01-report.pdf
