IBM Java Sandbox Bypass

Monday, May 6, 2013 @ 09:05 PM gHale


There are apparently nine ways to completely bypass the IBM Java sandbox: five are brand new exploits and four are old issues the company did not properly address.

The five new full sandbox bypass exploits are based on seven vulnerabilities, said Adam Gowdiak, the founder and chief executive of Security Explorations. In addition, each of the four old, improperly fixed issues can also be leveraged for a full sandbox bypass.

The Polish security firm reported the old bugs to IBM back in September and the IT giant addressed them soon after.

However, the researchers found the attacks still worked after they made a couple of modifications to the exploit code.

“The problem with IBM fixes is that they aim to detect only one specific exploit vector and miss many other scenarios,” Gowdiak said.

As far as the new security holes are concerned, Gowdiak said most of them are caused by the “insecure use or implementation” of the Java Reflection API.

It is possible to develop proof-of-concept code for each of the vulnerabilities.

“Each of them demonstrates a complete IBM J9 Java VM security sandbox bypass. Each of them was verified to work in the environment of the following version of IBM software: IBM SDK, Java Technology Edition, Version 7.0 SR4 FP1 for Linux (32-bit x86), build pxi3270sr4fp1-20130325_01(SR4 FP1),” Gowdiak said.

Once again, IBM has the vulnerability details along with source and binary codes for the POCs.

In addition to this issue, last week, an arbitrary code execution flaw in IBM Notes came to light. IBM released an interim fix for the issue.

However, Gowdiak said these latest flaws are interesting in the context of the IBM Notes vulnerability because Java can be embedded in Notes emails.


