Full Disclosure mailing list archives

Re: [SE-2012-01] information regarding recently discovered Java 7 attack


From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 31 Aug 2012 11:26:47 -0400

On Wed, Aug 29, 2012 at 5:20 PM, Security Explorations
<contact () security-explorations com> wrote:

On 2012-08-29 23:04, Tim wrote:
Based on the details released so far about the exploit in the wild,
how likely do you think it is that your research may have been leaked?

Currently, it looks more like an independent work than a leak to me.
The way in which SunToolkit class and its getField method is used
to achieve a complete JVM sandbox bypass is different from what was
demonstrated to Oracle (different exploitation path).

A good explanation of the vulnerability is here: "The new Java 0Day
examined," http://www.h-online.com/security/features/The-new-Java-0day-examined-1677789.html.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

