::: Welcome to DrayTek MyVigor Website - http://myvigor.draytek.com :::

Java Deployment Toolkit Performs Insufficient Validation of Parameters

D-SWAT

A new Java flaw was posted last Friday morning. Java Deployment Toolkit performs insufficient validation of parameters and allows attacker to perform several attacks. you are affected by this flaw if you have a recent version of Java running on a Windows system.

US-CERT announced:
The Sun Java Deployment Toolkit contains an NPAPI (Netscape compatible) plugin and an ActiveX control which are installed in the end user's browser(s). The toolkit contains a launch() method which can be used to pass a Java Networking Launching Protocol (JNLP) URL to the registered handler for JNPL files. On Windows systems, the default handler is the Java Web Start utility, javaws.exe.

As detailed here, because the launch() method performs insufficient argument validation of the URL, arbitrary arguments can be passed to javaws.exe. This includes the '-J' option, which can allow an attacker to execute a remote JAR file.

JavaWS is included in the JRE, so the vulnerability affects all applications that using JRE, including Internet Explorer, Mozilla Firefox and Google Chrome.

Affected Softwares:

All versions since Java SE 6 update 10 for Microsoft Windows.

Workarounds:

1. for Internet Explorer users:
setting the killbit on CLSID={CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}. (Killbit setting reference)

2. for Mozilla Firefox and other NPAPI based browser users:
Use Access Control Lists(ACLs) to prevent access to npdeploytk.dll.

Disabling the java plugin is not sufficient to prevent exploitation, as the toolkit is installed independently.

References:

http://seclists.org/fulldisclosure/2010/Apr/119
http://www.kb.cert.org/vuls/id/886582
http://threatpost.com/en_us/blogs/serious-new-java-flaw-affects-all-browsers-040910
http://www.reversemode.com/index.php?option=com_content&task=view&id=67&Itemid=1

The information from DrayTek Corp.

About DrayTek

DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprises(SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.

Press Contact:
DrayTek Marketing Dept.
press@draytek.com