
"Details of issues fixed by Java SE 7 Update 21": follow-up comments from yesterday's post via Security Explorations


We wanted to add the following information to our post from yesterday.

We've learned that RedHat's Bugzilla associates CVE-2013-1537 [1]
with the RMI issue allowing remote loading and execution of
arbitrary Java code on servers [2].

It looks like Oracle has finally patched the RMI vulnerability that
was known to the vendor since 2005. What's also interesting is
that a fix for it is now highlighted by Oracle as a new security
feature of Java [3].

We can't decide what is more surprising to us:
1) finding out that Oracle finally admitted that Java security
issues could affect servers as well (so far the Plugin was
the source of all evilness),
2) learning that at Oracle, "every developer is a security
rifleman", "trained on security" [4].

Thank you.

Best Regards,
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] CVE-2013-1537 OpenJDK: remote code loading enabled by default
https://bugzilla.redhat.com/show_bug.cgi?id=952387
[2] "Security Vulnerabilities in Java SE", technical report
http://www.security-explorations.com/materials/se-2012-01-report.pdf
[3] Java SE 7 Update 21 Release and more
https://blogs.oracle.com/java/entry/java_se_7_update_21
[4] Oracle Secures Java with 41 Updates, Code Signing
http://www.esecurityplanet.com/network-security/oracle-secures-java-with-41-updates-code-signing.html




