Java Web Start Vulnerability (July 25, 2008)

July 25, 2008

Java Web Start is a framework developed by Sun Microsystems. Unlike Java applets, Web Start applications do not run inside the browser, which allows an application to implement richer functionality while still preserving sandbox-level security. Java Network Launching Protocol (JNLP) is an XML-based protocol that specifies how Java Web Start applications are launched.

Sun Java Web Start contains a stack-based buffer overflow vulnerability, assigned CVE-2008-3111, caused by improper handling of attributes of the j2se element within a JNLP file. More specifically, the vulnerable code copies the values of “initial-heap-size” and “max-heap-size” using sprintf() without validating their length. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted JNLP file, potentially causing arbitrary code to be injected and executed in the context of the current user.

SonicWALL has developed two IPS signatures for this vulnerability:

  • 5120 Java Web Start JNLP File initial-heap-size BO Attempt
  • 5121 Java Web Start JNLP File max-heap-size BO Attempt

These signatures detect and prevent malicious JNLP files from reaching the internal network.
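The same two attributes can also be checked at the file level, for example on a mail or web gateway. The following is an added example, not SonicWALL's signature logic or Sun's code: it parses a JNLP document and flags j2se heap-size attributes that are oversized or malformed. The 16-character cap, the "digits plus optional k/m suffix" format and the sample documents are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Attributes named in the advisory as the unchecked inputs.
HEAP_ATTRS = ("initial-heap-size", "max-heap-size")
# Assumption: a legitimate value is a decimal number with an optional k/m suffix.
HEAP_SIZE_RE = re.compile(r"\d+[kKmM]?")
# Assumption: no legitimate heap size needs more than 16 characters.
MAX_VALUE_LEN = 16


def _local_name(tag):
    """Strip an XML namespace prefix such as '{uri}j2se'."""
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""


def audit_jnlp(data: bytes):
    """Return a list of (attribute, value_length, reason) findings."""
    try:
        # ElementTree does not fetch external entities; prefer a hardened
        # parser (e.g. defusedxml) when handling untrusted XML at scale.
        root = ET.fromstring(data)
    except ET.ParseError:
        return [("<document>", len(data), "unparseable XML")]
    findings = []
    for elem in root.iter():
        if _local_name(elem.tag) != "j2se":
            continue
        for attr in HEAP_ATTRS:
            value = elem.get(attr)
            if value is None:
                continue
            if len(value) > MAX_VALUE_LEN:
                findings.append((attr, len(value), "oversized value"))
            elif not HEAP_SIZE_RE.fullmatch(value):
                findings.append((attr, len(value), "not a heap size"))
    return findings


# Constructed sample documents (not taken from any real application).
BENIGN = (b'<jnlp spec="1.0+" codebase="http://example.invalid/app">'
          b'<resources><j2se version="1.5+" initial-heap-size="64m" '
          b'max-heap-size="256m"/></resources></jnlp>')
OVERSIZED = BENIGN.replace(b'"256m"', b'"' + b"9" * 600 + b'"')
MALFORMED = BENIGN.replace(b'"64m"', b'"64m;x"')

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("oversized", OVERSIZED),
                      ("malformed", MALFORMED)):
        print(name, audit_jnlp(doc))
```
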
