Information and Crash the Browser
Version(s): 7.54; prior versions may be affected
Description: Several vulnerabilities were reported in Opera in the Java sandbox mechanism. An applet can gain elevated privileges to access local information or cause the browser to crash.
Marc Schonefeld from illegalaccess.org reported that a remote user can create a Java applet that, when loaded by the target user, can exploit a number of flaws in the system.
It is reported that Opera's custom Java plugin has a flaw in the default Java policy configuration.
The policy grants applets access to internal sun-packages:
permission java.lang.RuntimePermission "accessClassInPackage.sun.*";
This access may let the applet invoke potentially destructive behavior or cause crashes.
It is also reported that the JRE version included with Opera is version 1.4.2_04, which is affected by a previously reported XSLT vulnerability.
It is also reported that the EcmaScriptObject public class in 'opera.jar' allows an applet to access a system memory pointer. A malicious applet can cause the browser to crash.
It is also reported that a malicious applet can monitor the URL classpath of the bootstrap class path to determine the JDK installation directory.
It is also reported that an applet can invoke the sun.security.krb5.Credentials class to determine the name of the currently logged in user and parse the user's home directory. An exception thrown by acquireDefaultCreds may let the applet determine the underlying operating system, the location of user files, and the username of the user running the applet.
It is reported that some other similar flaws exist but were not described in the report.
The vendor was notified on September 1, 2004.
Impact: A malicious applet can access user and system information and cause the target browser to crash.
Solution: The vendor has released a fixed version (7.60 beta).
eTrust EZ Antivirus Password Protection Can Be Bypassed By Local Users
Version(s): prior to 220.127.116.11
Description: A vulnerability was reported in Computer Associates eTrust EZ Antivirus. A local user can bypass the GUI password protection feature.
The vendor reported that the proxy password in the GUI can be recovered by the local user.
Cengiz Aykanat is credited with discovering this flaw.
The vendor was notified on October 26, 2004.
Impact: A local user can obtain the password and use the password to access the application.
Solution: The vendor has issued a fixed version (18.104.22.168 or later).