-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference: CERT-EU Security Advisory 2011-013
Title: Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
Version history:
15.11.2011 Initial publication

Summary
=======
Oracle Java SE is prone to a remote code-execution vulnerability [1];
published Oct 18 2011. A commercial exploit is available for CORE IMPACT;
urgency raised due to exploit availability.

CVE-2011-3544 (Candidate)
Severity Level [3]: CVSS2 Base 10
Remote: Yes
Local: No
Credibility: Vendor Confirmed
Ease: Exploit Available
Authentication: Not Required

Potential impact
================
An attacker can exploit this issue to bypass intended sandbox protections
and execute arbitrary code with elevated privileges.
Impact Type: Allows unauthorized disclosure and modification of information
and service disruption.

1. An attacker constructs a malicious Java application designed to exploit
   the issue.
2. The attacker tricks an unsuspecting victim into running the application
   or viewing a web page where the Java application is run.
3. When the application is run, attacker-supplied code is run in a
   privileged context.

Vulnerable Systems
==================
Among others:
OpenJDK OpenJDK 1.6.0
OpenJDK OpenJDK 6
Oracle Enterprise Linux 5
Red Hat Enterprise Linux 7.0
Oracle Enterprise Linux 6
Red Hat Enterprise Linux 6
Red Hat Desktop Extras 4
Red Hat Enterprise Linux 5 server
Oracle Enterprise Linux 5
Red Hat Enterprise Linux AS Extras 4
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop Optional 6
Red Hat Enterprise Linux Desktop Supplementary 5 client
Red Hat Enterprise Linux Desktop Supplementary 6
Red Hat Enterprise Linux Extras 4
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux HPC Node Optional 6
Red Hat Enterprise Linux HPC Node Supplementary 6
Red Hat Enterprise Linux Server 6
Oracle Enterprise Linux 6+
Red Hat Enterprise Linux Server Optional 6
Red Hat Enterprise Linux Server Supplementary 6
Red Hat Enterprise Linux Supplementary 5 server
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Workstation Optional 6
Red Hat Enterprise Linux Workstation Supplementary 6
Red Hat Enterprise Linux WS Extras 4
Red Hat Fedora 14
Red Hat Fedora 15
Red Hat Fedora 16
Sun JDK (Linux Production Release) 1.6.x
Sun JDK (Linux Production Release) 1.7.0
Sun JDK (Solaris Production Release) 1.6.x
Sun JDK (Solaris Production Release) 1.7.0
Sun JDK (Windows Production Release) 1.6.x
Sun JDK (Windows Production Release) 1.7.0
Sun JRE (Linux Production Release) 1.6.x
Sun JRE (Linux Production Release) 1.7
Sun JRE (Solaris Production Release) 1.6.x
Sun JRE (Solaris Production Release) 1.7
Sun JRE (Windows Production Release) 1.6.x
Sun JRE (Windows Production Release) 1.7

What can you do?
================
Solutions:
Fixes are available [2].

Work-arounds:
Set web browser security to disable the execution of script code or active
content. Disabling the execution of script code in the browser may limit
exposure to this and other latent vulnerabilities.

Run all software as a nonprivileged user with minimal access rights.
To limit the impact of latent vulnerabilities, configure applications to run
as a nonadministrative user with minimal access rights.

What to tell your users?
========================
Normal security best practices apply. Especially, inform your web users to be
cautious about following links to sites provided by unfamiliar or suspicious
sources, not to click on links in suspicious emails, and to immediately
forward such emails to the respective IT security officer / contact in your
institution.

More information
================
[1] http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
[2] http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
[3] CVSS details:
    CVSS Version 2 Scores
    CVSS2 Base: 10
    CVSS2 Temporal: 8.3
    CVSS2 Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
    CVSS2 Temporal Vector: E:F/RL:OF/RC:C
    More information about CVSS is available at:
    http://www.first.org/cvss/cvss-guide.html

Best regards,
CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

iQJXBAEBAgBBBQJOwjnJOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp
b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4PQtA/8CwavgheK
3m1goMJWJCzugovQKOCBLT8jMT0GGXoIgBT47IQFc4R7YtJjJVrORXcBdghj/aFy
y4Q7g03fdXQtQ+qjYbSQM5EJ7+Q/K9sK0BIQ5X4YAk5I85WsZMMBClWz5vhsBim3
bvrYuRY9XdeWcz8p4qv+O8vaU6XfNldUrPRQ8+dji71HUNwaNpHPeLJBAKgcX9Nn
tQIWYMtM0Eiq232Z7CRwWtTjti+9+34Wlyov/eVJ6NaMKb4ROyAU0bn2LDDARKbD
ZyzifBGG0W940OpopfMmk1X8vv8ulvAnU9AhSrTfDcx3GemfH+XsxdiqkfA5waSG
jEWiyZBCRylJtSPicdXrIZdbe+WGH/E80xsJZObZCM9yNXjgzRYLv+hqKaclnMiX
GbUyup2fVFAQQ9u8qtxrW+sqZ7MvBpEFXSLoHYQOkh7lvdJkCmL1HhwUpBGlfcDg
nyGg87Ull5G0G/U2ueU2UksdliiTG9N65qXBUOPU1iJWrcaRkwLQqroCPwfufjR+
m56t3TAydRWBvUsXQjOe2XrRHq/6dEX9TpiJFt1KY5F7DsWE7JCkcrLJ1yPe2qTr
VvRgGf7dtXRaT1K9QIql9H7H+5DGNFaYrcT/+GQZXAlGoiZuYrCooTuz8lpb+4C/
QNwuwRxY/Gt1e4a6hLGLngi3U2ATr/FfmSk=
=TNFs
-----END PGP SIGNATURE-----
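The CVSS details in [3] give the base vector AV:N/AC:L/Au:N/C:C/I:C/A:C, a base score of 10 and a temporal score of 8.3 (vector E:F/RL:OF/RC:C). The following calculator, added here as an example and not part of the CERT-EU advisory, reproduces both numbers from the vectors using the CVSS v2 equations and metric weights from the CVSS guide linked above (Decimal arithmetic with half-up rounding, as the guide's round_to_1_decimal requires). It accepts any CVSS v2 base/temporal vector, not only this advisory's, and rejects unknown metrics or values so a mistyped vector in a triage sheet fails loudly rather than silently scoring wrong.

```python
"""CVSS v2 base and temporal score calculator (added example, not CERT-EU code)."""
from decimal import Decimal, ROUND_HALF_UP

# Metric weights as published in the CVSS v2 guide (http://www.first.org/cvss/cvss-guide.html).
BASE_WEIGHTS = {
    "AV": {"L": Decimal("0.395"), "A": Decimal("0.646"), "N": Decimal("1.0")},
    "AC": {"H": Decimal("0.35"), "M": Decimal("0.61"), "L": Decimal("0.71")},
    "Au": {"M": Decimal("0.45"), "S": Decimal("0.56"), "N": Decimal("0.704")},
    "C":  {"N": Decimal("0.0"), "P": Decimal("0.275"), "C": Decimal("0.660")},
    "I":  {"N": Decimal("0.0"), "P": Decimal("0.275"), "C": Decimal("0.660")},
    "A":  {"N": Decimal("0.0"), "P": Decimal("0.275"), "C": Decimal("0.660")},
}
TEMPORAL_WEIGHTS = {
    "E":  {"U": Decimal("0.85"), "POC": Decimal("0.9"), "F": Decimal("0.95"),
           "H": Decimal("1.0"), "ND": Decimal("1.0")},
    "RL": {"OF": Decimal("0.87"), "TF": Decimal("0.90"), "W": Decimal("0.95"),
           "U": Decimal("1.0"), "ND": Decimal("1.0")},
    "RC": {"UC": Decimal("0.90"), "UR": Decimal("0.95"), "C": Decimal("1.0"),
           "ND": Decimal("1.0")},
}


def parse_vector(vector, weights, default=None):
    """Turn 'AV:N/AC:L/...' into {metric: weight}.

    Unknown metrics or values raise ValueError. Metrics absent from the vector
    are an error unless `default` names a value to fill in (temporal metrics
    default to "ND", Not Defined, which weighs 1.0).
    """
    parsed = {}
    for part in vector.split("/"):
        metric, _, value = part.partition(":")
        if metric not in weights or value not in weights[metric]:
            raise ValueError(f"unknown CVSS v2 metric/value: {part!r}")
        parsed[metric] = weights[metric][value]
    for metric in weights:
        if metric not in parsed:
            if default is None:
                raise ValueError(f"vector {vector!r} is missing metric {metric}")
            parsed[metric] = weights[metric][default]
    return parsed


def round1(x):
    """CVSS v2 round_to_1_decimal: one decimal place, halves rounded up."""
    return x.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)


def cvss2_base(vector):
    """Base score per the CVSS v2 guide: Impact, Exploitability, f(Impact)."""
    m = parse_vector(vector, BASE_WEIGHTS)
    impact = Decimal("10.41") * (1 - (1 - m["C"]) * (1 - m["I"]) * (1 - m["A"]))
    exploitability = 20 * m["AV"] * m["AC"] * m["Au"]
    f_impact = Decimal("0") if impact == 0 else Decimal("1.176")
    return round1((Decimal("0.6") * impact + Decimal("0.4") * exploitability
                   - Decimal("1.5")) * f_impact)


def cvss2_temporal(base_vector, temporal_vector):
    """Temporal score = round1(rounded BaseScore * E * RL * RC)."""
    base = cvss2_base(base_vector)
    t = parse_vector(temporal_vector, TEMPORAL_WEIGHTS, default="ND")
    return round1(base * t["E"] * t["RL"] * t["RC"])


if __name__ == "__main__":
    # Vectors quoted from the advisory's CVSS details [3].
    base_vec = "AV:N/AC:L/Au:N/C:C/I:C/A:C"
    temporal_vec = "E:F/RL:OF/RC:C"
    print("Base:", cvss2_base(base_vec))                       # 10.0
    print("Temporal:", cvss2_temporal(base_vec, temporal_vec))  # 8.3
```

The temporal score drops from 10 to 8.3 only because the exploit is rated Functional (E:F, 0.95) and an official fix exists (RL:OF, 0.87); RC:C carries no discount. Re-scoring the temporal vector once the fix in [2] is deployed is how this advisory's "urgency raised due to exploit availability" is reflected in a vulnerability tracker.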