Security Explorations has discovered more Java vulnerabilities

May 6, 2013 12:54 GMT

Researchers from Security Explorations have identified a total of nine ways to completely bypass the IBM Java sandbox. Of these nine exploits, five are new ones and four are old issues that haven’t been properly addressed.

According to Adam Gowdiak, the founder and CEO of the Polish security firm, the five new full sandbox bypass exploits are based on a total of seven vulnerabilities. In addition, each of the four old improperly fixed issues can be leveraged for a full sandbox bypass.

The old bugs were reported by Security Explorations to IBM back in September 2012. The company addressed them soon after.

However, the experts found that the attacks still worked after they made a couple of modifications to the exploit code.

“The problem with IBM fixes is that they aim to detect only one specific exploit vector and miss many other scenarios,” Gowdiak told Softpedia.

As far as the new security holes are concerned, the expert says most of them are caused by the “insecure use or implementation” of the Java Reflection API.

Proof-of-concept code has been developed for each of the vulnerabilities.

“Each of them demonstrates a complete IBM J9 Java VM security sandbox bypass. Each of them was verified to work in the environment of the following version of IBM software: IBM SDK, Java Technology Edition, Version 7.0 SR4 FP1 for Linux (32-bit x86), build pxi3270sr4fp1-20130325_01(SR4 FP1),” Gowdiak added.

IBM has been provided with vulnerability details along with source and binary code for the PoCs.

Last week, we learned of the existence of an arbitrary code execution flaw in IBM Notes. IBM has released an interim fix for the issue.

Gowdiak points out that these latest flaws are interesting in the context of the IBM Notes vulnerability because Java can be embedded in Notes emails.