Sun Java Runtime Environment calendar objects privilege escalation (Java_Malicious_Applet)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), Proventia Network MFS, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Host Protection for Desktops, IBM Security Host Protection for Servers (Unix), Proventia Network IPS, Proventia Server IPS for Linux technology, IBM Security Network Protection, Virtual Server Protection for VMware:

This signature analyzes Java applet class files and computes a threat level heuristic representing likely potential for malicious activity.


Default risk level

High

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2810, Proventia Network MFS: XPU 32.100, RealSecure Server Sensor: XPU 32.100, Proventia-G 1.1 and earlier: XPU 32.100, Proventia Network IDS: XPU 32.100, IBM Security Host Protection for Desktops: 2810, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Network IPS: XPU 32.100, Proventia Server IPS for Linux technology: 32.100, IBM Security Network Protection: 5.1, Virtual Server Protection for VMware: XPU 32.100

Systems affected

HP HP-UX: B.11.11, Novell Linux Desktop: 9, HP HP-UX: B.11.23, SuSE SuSE SLES: 9, Sun SDK: 1.4.2, Sun JRE: 1.4.2, Sun JRE: 1.5.0, Sun JDK: 1.5.0 Update6, Sun JDK: 1.5.0 Update5, Sun JDK: 1.5.0 Update4, Sun JDK: 1.5.0 Update3, Sun JDK: 1.5.0 Update2, Sun JDK: 1.5.0 Update1, Sun JDK: 1.5.0 Update12, Sun JDK: 1.5.0 Update11 B03, Sun JDK: 1.6.0 Update1, Sun JDK: 1.5.0 Update9, Sun JDK: 1.5.0 Update7, Sun JDK: 1.5.0 Update7 B03, Sun JDK: 1.5.0 Update8, Sun JDK: 1.6.0 Update2, Sun JDK: 1.6.0 Update1 B06, Sun JRE: 1.4.2 Update11, Sun JRE: 1.4.2 Update10, Sun JRE: 1.4.2 Update1, Sun JRE: 1.4.2 Update14, Sun JRE: 1.4.2 Update13, Sun JRE: 1.4.2 Update12, Sun JRE: 1.4.2 Update15, Sun JRE: 1.4.2 Update2, Sun JRE: 1.4.2 Update3, Sun JRE: 1.4.2 Update4, Sun JRE: 1.4.2 Update7, Sun JRE: 1.4.2 Update8, Sun JRE: 1.4.2 Update5, Sun JRE: 1.4.2 Update6, Sun JRE: 1.5.0 Update6, Sun JRE: 1.5.0 Update4, Sun JRE: 1.5.0 Update5, Sun JRE: 1.5.0 Update2, Sun JRE: 1.4.2 Update9, Sun JRE: 1.5.0 Update1, Sun JRE: 1.5.0 Update13, Sun JRE: 1.5.0 Update12, Sun JDK: 1.5.0, Novell Open Enterprise Server, RedHat RHEL Supplementary: 5.2.z EUS, Sun SDK: 1.4.2_07, Sun SDK: 1.4.2_06, Sun SDK: 1.4.2_01, Sun SDK: 1.4.2_16, Sun SDK: 1.4.2_02, Sun JRE: 1.4.2 Update16, Sun SDK: 1.4.2_05, Sun SDK: 1.4.2_04, Sun JRE: 1.5.0 Update14, Sun JDK: 1.6.0 Update4, Sun JDK: 1.6.0 Update5, Sun JDK: 1.5.0 Update14, Sun JRE: 1.6.0 Update5, Sun JDK: 1.6.0 Update6, Sun JRE: 1.6.0 Update4, Sun JDK: 1.5.0 Update13, Sun JRE: 1.5.0 Update15, Sun JRE: 1.4.2 Update17, Sun JDK: 1.5.0 Update15, Sun JRE: 1.6.0 Update6, HP OpenView Network Node Manager: 7.53, Sun JDK: 1.6.0 Update3, Sun SDK: 1.4.2_17, Novell OpenSUSE: 11.0, Novell SUSE Linux Enterprise Server: 10 SP2, Novell SLE SDK: 10 SP2, Novell SUSE Linux Enterprise Desktop: 10 SP2, Sun JRE: 1.6.0 Update1, Sun SDK: 1.4.2_10, Sun SDK: 1.4.2_09, Sun SDK: 1.4.2_08, Sun SDK: 1.4.2_03, Sun JRE: 1.6.0 Update3, Sun JRE: 1.6.0 Update2, Sun SDK: 1.4.2_15, Novell OpenSUSE: 10.3, Novell Linux POS: 9, HP OpenView Network Node Manager: 7.51, Sun JRE: 1.5.0 Update3, RedHat RHEL Extras: 4, RedHat RHEL Extras: 3, RedHat RHEL Desktop Supplementary: 5 Client, RedHat RHEL Supplementary: 5 Server, Sun SDK: 1.4.2_12, Sun SDK: 1.4.2_13, Sun SDK: 1.4.2_11, Sun JRE: 1.5.0 Update11, Sun JRE: 1.5.0 Update10, Sun JRE: 1.5.0 Update8, Sun JDK: 1.5.0 Update11, Sun JRE: 1.5.0 Update9, Sun JRE: 1.5.0 Update7, Sun JDK: 1.5.0 Update10, Sun SDK: 1.4.2_14, Sun JDK: 1.6.0, HP HP-UX: B.11.31, Sun JRE: 1.6.0, RedHat Red Hat Enterprise Linux: 4.7.z Extras, RedHat Network Satellite Server: 5.2 RHEL 4, RedHat RHEL Supplementary: 5.3.z EUS, RedHat Network Satellite Server: 5.2 RHEL 5, Sun SDK: 1.4.2_18, Sun JDK: 1.6.0 Update10, Sun JRE: 1.4.2 Update18, Sun JDK: 1.6.0 Update9, Sun JDK: 1.6.0 Update7, Sun JDK: 1.6.0 Update8, Sun JRE: 1.6.0 Update9, Sun JRE: 1.6.0 Update10, Sun JRE: 1.6.0 Update8, Sun JRE: 1.5.0 Update16, Sun JRE: 1.6.0 Update7, Sun JDK: 1.5.0 Update16, Canonical Ubuntu: 8.10

Type

Unauthorized Access Attempt

Vulnerability description

Sun Java Runtime Environment (JRE) could allow untrusted applets and applications to gain elevated privileges on the system, caused by a vulnerability related to "deserializing calendar objects".

How to remove this vulnerability

Refer to Sun Alert ID: 244991 for patch, upgrade or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

Sun Alert ID: 244991
A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1

NORTEL BULLETIN ID: 2009009294, Rev 1
Nortel: Technical Support: Nortel Response to Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=

HP Security Bulletin HPSBUX02411 SSRT080111 rev.1
HP-UX Running Java, Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01683026

milw0rm.com [2009-05-20]
Mac OS X Java applet Remote Deserialization Remote PoC
http://milw0rm.com/exploits/8753

HP Security Bulletin HPSBMA02486 SSRT090049 rev.1
HP OpenView Network Node Manager (OV NNM) Java Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Execution of Arbitrary Code and Other Vulnerabilities
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02000725

ISS X-Force
Sun Java Runtime Environment calendar objects privilege escalation
http://www.iss.net/security_center/static/47059.php

CVE
CVE-2008-5353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5353