Sun Java Runtime Environment calendar objects privilege escalation (Java_Malicious_Applet)

About this signature or vulnerability

IBM Security Network Protection, IBM Security Host Protection for Servers (Unix), Virtual Server Protection for VMware, Proventia Network IPS, Proventia Server IPS for Linux technology, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor:

This signature analyzes Java applet class files and computes a threat level heuristic representing likely potential for malicious activity.


Default risk level

High

Sensors that have this signature

IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2, Virtual Server Protection for VMware: XPU 32.100, Proventia Network IPS: XPU 32.100, Proventia Server IPS for Linux technology: 32.100, Proventia Network IDS: XPU 32.100, Proventia-G 1.1 and earlier: XPU 32.100, Proventia Network MFS: XPU 32.100, IBM Security Host Protection for Desktops: 2810, IBM Security Host Protection for Servers (Windows): 2.1.14.2810, RealSecure Server Sensor: XPU 32.100

Systems affected

HP HP-UX: B.11.11, HP HP-UX: B.11.23, SuSE SuSE SLES: 9, Sun JRE: 1.4.2, Sun JRE: 1.5.0, Sun SDK: 1.4.2, Novell Linux Desktop: 9, Sun JRE: 1.5.0 Update3, RedHat RHEL Extras: 3, RedHat RHEL Extras: 4, Novell Linux POS: 9, HP OpenView Network Node Manager: 7.51, HP HP-UX: B.11.31, Sun JRE: 1.6.0, Sun JDK: 1.6.0, Sun JDK: 1.5.0 Update10, Sun JDK: 1.5.0 Update11, Sun JRE: 1.5.0 Update7, Sun JRE: 1.5.0 Update8, Sun JRE: 1.5.0 Update9, Sun JRE: 1.5.0 Update10, Sun JRE: 1.5.0 Update11, Sun SDK: 1.4.2_11, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_14, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Novell Open Enterprise Server, Sun JDK: 1.5.0, Sun JDK: 1.5.0 Update1, Sun JDK: 1.5.0 Update11 B03, Sun JDK: 1.5.0 Update12, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update8, Sun JDK: 1.5.0 Update9, Sun JDK: 1.6.0 Update1, Sun JDK: 1.6.0 Update1 B06, Sun JDK: 1.6.0 Update2, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update15, Sun JRE: 1.4.2 Update2, Sun JRE: 1.4.2 Update3, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update5, Sun JRE: 1.4.2 Update6, Sun JRE: 1.4.2 Update7, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update9, Sun JRE: 1.5.0 Update1, Sun JRE: 1.5.0 Update12, Sun JRE: 1.5.0 Update13, Sun JRE: 1.5.0 Update2, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update5, Sun JRE: 1.5.0 Update6, Sun JRE: 1.6.0 Update1, Sun JRE: 1.6.0 Update2, Sun JRE: 1.6.0 Update3, Sun SDK: 1.4.2_03, Sun SDK: 1.4.2_08, Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_10, Sun SDK: 1.4.2_15, Novell OpenSUSE: 10.3, RedHat RHEL Supplementary: 5.2.z EUS, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Desktop: 10 SP2, Novell SLE SDK: 10 SP2, Novell SUSE Linux Enterprise Server: 10 SP2, HP OpenView Network Node Manager: 7.53, Sun JRE: 1.6.0 Update6, Sun JRE: 1.5.0 Update15, Sun JDK: 1.5.0 Update15, Sun JRE: 1.4.2 Update17, Sun SDK: 1.4.2_17, Sun JDK: 1.6.0 Update3, Sun JDK: 1.6.0 Update4, Sun JDK: 1.6.0 Update5, Sun JDK: 1.6.0 Update6, Sun JRE: 1.6.0 Update4, Sun JRE: 1.6.0 Update5, Sun JDK: 1.5.0 Update14, Sun JRE: 1.5.0 Update14, Sun SDK: 1.4.2_04, Sun SDK: 1.4.2_02, Sun SDK: 1.4.2_16, Sun JRE: 1.4.2 Update16, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_06, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_01, Sun JDK: 1.5.0 Update13, Canonical Ubuntu: 8.10, Sun JDK: 1.5.0 Update16, Sun JRE: 1.5.0 Update16, Sun JRE: 1.6.0 Update7, Sun JRE: 1.6.0 Update8, Sun JRE: 1.6.0 Update9, Sun JRE: 1.6.0 Update10, Sun JDK: 1.6.0 Update7, Sun JDK: 1.6.0 Update8, Sun JDK: 1.6.0 Update9, Sun JDK: 1.6.0 Update10, Sun JRE: 1.4.2 Update18, Sun SDK: 1.4.2_18, RedHat Network Satellite Server: 5.2 RHEL 5, RedHat RHEL Supplementary: 5.3.z EUS, RedHat Red Hat Enterprise Linux: 4.7.z Extras, RedHat Network Satellite Server: 5.2 RHEL 4

Type

Unauthorized Access Attempt

Vulnerability description

Sun Java Runtime Environment (JRE) could allow untrusted applets and applications to gain elevated privileges on the system, caused by a vulnerability related to "deserializing calendar objects".

How to remove this vulnerability

Refer to Sun Alert ID: 244991 for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Sun Alert ID: 244991
A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1

NORTEL BULLETIN ID: 2009009294, Rev 1
Nortel: Technical Support: Nortel Response to Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

HP Security Bulletin HPSBUX02411 SSRT080111 rev.1
HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01683026

milw0rm.com [2009-05-20]
Mac OS X Java applet Remote Deserialization Remote PoC
http://milw0rm.com/exploits/8753

HP Security Bulletin HPSBMA02486 SSRT090049 rev.1
HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725

ISS X-Force
Sun Java Runtime Environment calendar objects privilege escalation
http://www.iss.net/security_center/static/47059.php

CVE
CVE-2008-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353