ISDM: vulnerability in JRE (CVE-2013-0809, CVE-2013-1493)

Security Bulletin


Summary

The listed vulnerabilities apply to client-side deployments of Java in which untrusted code may be executed under a security manager. Only the IBM Tivoli Monitoring image of IBM Service Delivery Manager is affected.

Vulnerability Details

There are a number of vulnerabilities in the IBM Java SDK that affect various components (ORB, XML and JMX). The vulnerabilities allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Some of the issues must be combined in sequence to achieve an exploit.

The vulnerabilities can occur when the IBM JRE is installed as the system JRE, such that it may be used to execute untrusted Java applets or Web Start applications in a browser.


CVE ID: CVE-2013-0809

Description: Untrusted (sandboxed) code can exploit a buffer overflow in the AWT image component to gain direct read/write access to arbitrary memory addresses. The test case / proof of concept we received from Oracle causes a crash. However, it may be possible to remove the security manager using a strategy similar to that of CVE-2013-1493, or to redirect the execution flow to an area of memory that contains the malicious code.

The vulnerability is exploited by extending a part of the Java SE API with a special class. The constructor of the class overwrites fields in the parent class with values that cause a buffer overflow during subsequent processing. This can only be achieved by malicious code running on the target machine.

CVSS Base Score: 10
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)


CVE ID: CVE-2013-1493

Description: Untrusted (sandboxed) code can exploit a buffer overflow in the Java 2D Color Management Module (CMM) to gain direct read/write access to arbitrary memory addresses. This capability can be used to overwrite and null the area of memory that contains the reference to the System security manager, thus escalating the untrusted privileges of the code. The “in-the-wild” exploit uses these privileges to download and install a trojan.

The vulnerability is exploited in a multi-step process, which can only be achieved by malicious code running on the target machine.

CVSS Base Score: 10
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

IBM Service Delivery Manager 7.2.1, 7.2.2, 7.2.4

Remediation/Fixes

Only the IBM Tivoli Monitoring image of IBM Service Delivery Manager is affected.

Apply the fix supplied in document 4035138: IBM Tivoli Monitoring 6 JRE Update (6.X.X-TIV-ITM_JRE_TEP-20130726) for remediation.

Workarounds and Mitigations

None

References

*The CVSS Environmental Score is specific to the customer's environment and ultimately affects the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date:
17 June 2018

UID

swg21646389