Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Prompted by Oracle Rejection, Researcher Finds Five New Java Sandbox Vulnerabili

msm1267 (2804139) writes | about a year and a half ago

Java 0

msm1267 (2804139) writes "Giving a prolific bug hunter an excuse to go poking deeper into a potential security issue generally doesn’t end well or the vendor in question—in this case Oracle. Polish security firm Security Explorations, noteworthy for its Java security research, said today it reported five new vulnerabilities in Java SE 7 to Oracle. If combined, researcher Adam Gowdiak said, they can be used to gain a complete bypass of the Java sandbox. The deeper look stemmed from a recent submission the company made to Oracle on Feb. 25 of two vulnerabilities that when used in conjunction could also bypass the sandbox. Gowdiak said Oracle dismissed one of the issues he reported, which he labels Issue 54, and called it “allowed behavior,” rather than a vulnerability. It confirmed the other. “We confirmed that company's initial judgment of Issue 54 as the ‘allowed behavior’ contradicts both Java SE documentation as well as existing security checks in code,” he said. “It looks Oracle needs to either start treating Issue 54 as a vulnerability or change the docs and relax some of the existing security checks.""
Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>