Sun Java Runtime Environment calendar objects privilege escalation (Java_Malicious_Applet)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), Proventia Network MFS, RealSecure Server Sensor, Proventia-G 1.1 and earlier, IBM Security Host Protection for Desktops, Proventia Network IDS, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia Server IPS for Linux technology, Proventia Network IPS, Virtual Server Protection for VMware:

This signature analyzes Java applet class files and computes a heuristic threat level that represents the likely potential for malicious activity.


Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2810, Proventia Network MFS: XPU 32.100, RealSecure Server Sensor: XPU 32.100, Proventia-G 1.1 and earlier: XPU 32.100, IBM Security Host Protection for Desktops: 2810, Proventia Network IDS: XPU 32.100, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 32.100, Proventia Network IPS: XPU 32.100, Virtual Server Protection for VMware: XPU 32.100

Systems affected

HP HP-UX: B.11.11, Novell Linux Desktop: 9, SuSE SuSE SLES: 9, HP HP-UX: B.11.23, Sun JRE: 1.4.2, Sun JRE: 1.5.0, Sun SDK: 1.4.2, Sun JDK: 1.6.0 Update1, Sun JDK: 1.6.0 Update2, Sun JDK: 1.6.0 Update1 B06, Sun JDK: 1.5.0 Update9, Sun JDK: 1.5.0 Update8, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update12, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0 Update11 B03, Sun JDK: 1.5.0 Update1, Sun JDK: 1.5.0, Novell Open Enterprise Server, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update15, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update2, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update3, Sun JRE: 1.5.0 Update1, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update9, Sun JRE: 1.4.2 Update6, Sun JRE: 1.4.2 Update7, Sun JRE: 1.4.2 Update5, Sun JRE: 1.5.0 Update12, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update13, Sun JRE: 1.5.0 Update2, Sun JRE: 1.6.0 Update2, Sun JRE: 1.6.0 Update1, Sun JRE: 1.5.0 Update6, Sun JRE: 1.5.0 Update5, Sun JRE: 1.6.0 Update3, Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_08, Sun SDK: 1.4.2_03, Sun SDK: 1.4.2_15, Sun SDK: 1.4.2_10, Novell OpenSUSE: 10.3, RedHat RHEL Supplementary: 5.2.z EUS, Sun JRE: 1.4.2 Update16, Sun SDK: 1.4.2_16, Sun SDK: 1.4.2_02, Sun SDK: 1.4.2_04, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_06, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_01, Sun JRE: 1.5.0 Update14, Sun JDK: 1.5.0 Update14, Sun JRE: 1.6.0 Update4, Sun JRE: 1.6.0 Update5, Sun JDK: 1.6.0 Update6, Sun JDK: 1.6.0 Update5, Sun JDK: 1.6.0 Update4, Sun JDK: 1.6.0 Update3, Sun JRE: 1.6.0 Update6, Sun JDK: 1.5.0 Update15, Sun JRE: 1.5.0 Update15, Sun SDK: 1.4.2_17, Sun JRE: 1.4.2 Update17, HP OpenView Network Node Manager: 7.53, Novell SUSE Linux Enterprise Server: 10 SP2, Novell SUSE Linux Enterprise Desktop: 10 SP2, Novell SLE SDK: 10 SP2, Novell OpenSUSE: 11.0, Novell Linux POS: 9, HP OpenView 
Network Node Manager: 7.51, Sun JRE: 1.5.0 Update3, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Sun SDK: 1.4.2_11, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_14, Sun JRE: 1.5.0 Update10, Sun JRE: 1.5.0 Update11, Sun JRE: 1.6.0, Sun JDK: 1.6.0, Sun JRE: 1.5.0 Update9, Sun JDK: 1.5.0 Update11, Sun JRE: 1.5.0 Update8, Sun JRE: 1.5.0 Update7, Sun JDK: 1.5.0 Update10, HP HP-UX: B.11.31, RedHat Red Hat Enterprise Linux: 4.7.z Extras, RedHat Network Satellite Server: 5.2 RHEL 4, RedHat RHEL Supplementary: 5.3.z EUS, RedHat Network Satellite Server: 5.2 RHEL 5, Sun JRE: 1.6.0 Update10, Sun JDK: 1.6.0 Update7, Sun JRE: 1.6.0 Update9, Sun JRE: 1.6.0 Update7, Sun JRE: 1.6.0 Update8, Sun JDK: 1.6.0 Update9, Sun JDK: 1.6.0 Update10, Sun JDK: 1.6.0 Update8, Sun SDK: 1.4.2_18, Sun JRE: 1.4.2 Update18, Sun JDK: 1.5.0 Update16, Sun JRE: 1.5.0 Update16, Canonical Ubuntu: 8.10, Sun JDK: 1.5.0 Update13

Type

Unauthorized Access Attempt

Vulnerability description

Sun Java Runtime Environment (JRE) could allow untrusted applets and applications to gain elevated privileges on the system, caused by a vulnerability related to "deserializing calendar objects".

How to remove this vulnerability

Refer to Sun Alert ID: 244991 for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Sun Alert ID: 244991
A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1

NORTEL BULLETIN ID: 2009009294, Rev 1
Nortel: Technical Support: Nortel Response to Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

HP Security Bulletin HPSBUX02411 SSRT080111 rev.1
HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01683026

milw0rm.com [2009-05-20]
Mac OS X Java applet Remote Deserialization Remote PoC
http://milw0rm.com/exploits/8753

HP Security Bulletin HPSBMA02486 SSRT090049 rev.1
HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725

ISS X-Force
Sun Java Runtime Environment calendar objects privilege escalation
http://www.iss.net/security_center/static/47059.php

CVE
CVE-2008-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353