ISDM: vulnerability in JRE (CVE-2013-0809, CVE-2013-1493)

Flash (Alert)


Abstract

The listed vulnerabilities apply to client-side deployments of Java in which untrusted code may be executed under a security manager.
The IBM Tivoli Monitoring image of IBM Service Delivery Manager is affected.

Content

DESCRIPTION:

There are a number of vulnerabilities in the IBM Java SDK that affect various components (ORB, XML and JMX). The vulnerabilities allow code running under a security manager to escalate its privileges by modifying or removing the security manager. Some of the issues must be combined in sequence to achieve an exploit.

The vulnerabilities can occur when the IBM JRE is installed as the system JRE, such that it may be used to execute untrusted Java applets or Web Start applications in a browser.

VULNERABILITY DETAILS:

CVE ID: CVE-2013-0809
CVSS: 10
Description: Untrusted (sandboxed) code can exploit a buffer overflow in the AWT image component to gain direct read/write access to arbitrary memory addresses. The testcase / proof of concept we received from Oracle causes a crash. However, there is a possibility to remove the security manager by using a strategy similar to that of CVE-2013-1493, or the execution flow could be redirected to an area of memory that contains the malicious code.
The vulnerability is exploited by extending a part of the Java SE API with a special class. The constructor of the class overwrites fields in the parent class with values that cause a buffer overflow during subsequent processing. It can only be achieved by malicious code running on the target machine.

CVE ID: CVE-2013-1493
CVSS: 10
Description: Untrusted (sandboxed) code can exploit a buffer overflow in the Java 2D Color Management Module (CMM) to gain direct read/write access to arbitrary memory addresses. This capability can be used to overwrite and null the area of memory that contains the reference to the System security manager, thus escalating the privileges of the untrusted code. The "in-the-wild" exploit uses these privileges to download and install a trojan.
The vulnerability is exploited in a multi-step process, which can only be achieved by malicious code running on the target machine.
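The boundary both CVEs bypass is the security manager check itself: sandboxed code that asks the JVM to remove the manager through the supported API is refused, which is why the exploits instead corrupt memory to null the manager reference directly. The following program is an added illustration of that legitimate check; it is not code from the IBM bulletin or from the affected products, and the class names SecurityManagerBoundary and DenyAll are arbitrary. It assumes a JVM older than Java 18 (or one started with -Djava.security.manager=allow), since newer JVMs refuse to install a security manager at run time.

```java
import java.security.AllPermission;
import java.security.Permission;

/**
 * Added illustration (not part of the IBM bulletin): shows the privilege
 * boundary that CVE-2013-0809 / CVE-2013-1493 bypass. Code running under a
 * SecurityManager cannot legitimately remove it; the exploits instead corrupt
 * memory to null the reference returned by System.getSecurityManager().
 */
public class SecurityManagerBoundary {

    /** Minimal manager that refuses to be replaced or to grant AllPermission. */
    static final class DenyAll extends SecurityManager {
        @Override
        public void checkPermission(Permission perm) {
            // System.setSecurityManager() calls this with
            // RuntimePermission("setSecurityManager") before replacing the manager.
            if ("setSecurityManager".equals(perm.getName())
                    || perm instanceof AllPermission) {
                throw new SecurityException("denied: " + perm);
            }
            // Everything else is allowed in this demo; a real deployment would
            // rely on a far stricter java.security.Policy instead.
        }
    }

    /** Returns true only if the "sandboxed" caller succeeded in removing the manager. */
    static boolean tryToRemoveManager() {
        try {
            // The supported path: the manager itself gets to veto this call.
            System.setSecurityManager(null);
            return System.getSecurityManager() == null;
        } catch (SecurityException e) {
            System.out.println("Legitimate removal blocked: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new DenyAll());
        boolean escaped = tryToRemoveManager();
        System.out.println("Security manager still installed: " + !escaped);
        // While the manager is installed, privileged operations remain subject
        // to checkPermission(). The CVEs matter because arbitrary memory write
        // lets untrusted code null the manager reference without ever reaching
        // this check, after which no permission is ever consulted again.
    }
}
```

Run it with a Java 8 JVM (the generation the bulletin concerns) and the output shows the removal attempt being refused; that refusal is the control the memory-corruption exploits skip.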


For the most current description and CVSS score of each vulnerability, see the developerWorks Java Technology Security Alerts page at:

http://www.ibm.com/developerworks/java/jdk/alerts/

AFFECTED PRODUCTS AND VERSIONS:
IBM Service Delivery Manager 7.2.1
IBM Service Delivery Manager 7.2.2
IBM Service Delivery Manager 7.2.4

REMEDIATION:
Only the IBM Tivoli Monitoring image of IBM Service Delivery Manager is affected. See the IBM Tivoli Monitoring security bulletin for remediation: http://www-01.ibm.com/support/docview.wss?uid=swg24035138

Workaround(s):
None.

Mitigation(s):
None.


Document information

Product: IBM Service Delivery Manager
Software version: 7.2.1, 7.2.2, 7.2.4
Operating system(s): AIX, Linux, Windows
Reference #: 1646389
Modified date: 2013-10-30
