IV02648: SIGNED OBJECTS MODIFIED BY UNTRUSTED CODE

APAR status

  • Closed as program error.

Error description

  • Error Message: A flaw was found in the way signed objects were
    deserialized. If trusted and untrusted code were running in the
    same Java Virtual Machine (JVM), and both were deserializing the
    same signed object, the untrusted code could modify said object
    by using this flaw to bypass the validation checks on signed
    objects.

    Stack Trace: N/A

Local fix

Problem summary

  • This problem occurred when trusted and untrusted code were
    running in the same Java Virtual Machine (JVM) and both were
    deserializing the same signed object. The untrusted code could
    modify said object by using this flaw to bypass the validation
    checks on signed objects.

Problem conclusion

  • This defect will be fixed in:
    6.0.0 SR9 FP2

    The implementation has been updated to prevent this bypass.

    To obtain the fix:
    Install build 20110319 or later

Temporary fix

Comments

APAR Information

  • APAR number

    IV02648

  • Reported component name

    JAVA CLASS LIBS

  • Reported component ID

    620700130

  • Reported release

    600

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2011-06-30

  • Closed date

    2011-06-30

  • Last modified date

    2011-07-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA CLASS LIBS

  • Fixed component ID

    620700130

Applicable component levels

  • R600 PSY

       UP




Document information


More support for:

Runtimes for Java Technology
Java Class Libraries

Software version:

6.0

Reference #:

IV02648

Modified date:

2011-07-09
