Saltar a la navegación Saltar al contenido principal Ir al pie de página

Oracle Java Installer Adds a System Path Which is Writable by All

Vulnerability Summary

Title:            Oracle Java Installer Adds a System Path Which is Writable by All Users

Release Date:      21 January 2015

Reference:         NCC00767

Discoverer:        Edd Torkington

Vendor:              Oracle

Vendor Reference:  S0514586

Systems Affected:  Oracle Java 8 Version 25

CVE Reference:     CVE-2015-0421

Risk:                High

Status:            Fixed

Resolution Timeline

Discovered:        18 November 2014

Reported:          18 November 2014

Released:          21 November 2014

Fixed:             20 January 2015

Published:         21 January 2015

Vulnerability Description

“Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops and servers, as well as in today’s demanding embedded environments. Java offers the rich user interface, performance, versatility, portability, and security that today’s applications require.”

The Oracle Java Version 8 update 25 installer was found to add a system path which was writable by all users.

Technical Details

The vulnerability can be confirmed as shown below:

C:>path

PATH=C:ProgramDataOracleJavajavapath;C:Progra….

C:>cacls C:ProgramDataOracleJavajavapath

C:ProgramDataOracleJavajavapath NT AUTHORITYSYSTEM:(OI)(CI)(ID)F

                                    BUILTINAdministrators:(OI)(CI)(ID)F

                                    CREATOR OWNER:(OI)(CI)(IO)(ID)F

                                    BUILTINUsers:(OI)(CI)(ID)R

                                    BUILTINUsers:(CI)(ID)(special access:)

                                                          FILE_WRITE_DATA

                                                          FILE_APPEND_DATA

                                                          FILE_WRITE_EA                                      

FILE_WRITE_ATTRIBUTES

This would allow an attacker to trivially elevate privileges by abusing processes with high privileges which rely on or load components from the system path.

Fix Information

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

NCC Group

Twitter:         @NCCGroupInfoSec

Open Source:  https://github.com/nccgroup

Blog:             /en/blog/cyber-security/

SlideShare:     http://www.slideshare.net/NCC_Group/