RISKS: Princeton discovers another Netscape security flaw

Posted on RISKS:

----------------------------------------------------------------------

Date: Fri, 22 Mar 1996 17:27:56 -0500
From: Ed Felten <felten@CS.Princeton.EDU>
Subject: Java/Netscape security flaw

We have discovered another serious security flaw in the Java programming language, which allows a malicious Java applet running under Netscape Navigator (version 2.0 or 2.01) to execute arbitrary machine code. We have implemented an applet that exploits the flaw to remove a file. Until a fix is issued, Netscape users can protect themselves by disabling Java in the Security Preferences dialog.

At present we are not releasing technical details about the flaw. We will announce the full details later; some of the details will also appear in our upcoming paper in the proceedings of the IEEE Symposium on Security and Privacy, to be published in May. Our paper also contains an overall analysis of Java's security. For an advance copy of the paper, send mail to felten@cs.princeton.edu. The paper will be available in about a week.

[Note that the "security enhancements" announced by Netscape in version 2.01 of Netscape Navigator do not fix this flaw. They fix two separate flaws found last month, one found by us (RISKS-17.77) and independently by Steve Gibbons, and the other found by David Hopwood (RISKS-17.83).]

For more information, see http://www.cs.princeton.edu/~ddean/java, or contact Ed Felten at (609) 258-5906 or felten@cs.princeton.edu.

Drew Dean, Ed Felten, Dan Wallach, Dept of Computer Science, Princeton Univ.

[See the CIAC item at the end of this issue for some background on the earlier problems. PGN]

------------------------------

-------------------------------------------------------------------------
Steven Weller                 | Weller's three steps to Greatness:
                              |   1. See what others cannot
                              |   2. Think what others cannot
stevenw@best.com              |   3. Express what others cannot

A pound to a bucket of ferrets this is another visit from our good friends Capt. Overrun and the static buffers, in which case it's more an indictment of C.

Simon

---
They say in online country
So which side are you on boys
There is no middle way
Which side are you on
You'll either be a Usenet man
Which side are you on boys
Or a thug for the CDA
Which side are you on?

National Union of Computer Operatives; Hackers, local 37 APL-CPIO
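Simon's bet above is that the flaw is an unchecked write into a fixed-size static buffer. The page gives no details of the actual Netscape bug, so the following is only an added illustration of that generic pattern in C, written for this archive and not taken from Netscape, Princeton, or any list member: a copy into a static array with no length check, beside a bounded version that refuses input that does not fit. The names `store_name_unsafe`, `store_name_safe` and `NAME_MAX` are made up for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size static buffer, as in Simon's "static buffers" guess.
   Illustrative size only; the real flaw's details are not on the page. */
#define NAME_MAX 16

/* --- The overrun pattern --------------------------------------------
 * strcpy() stops only at the source's NUL, so any input of NAME_MAX or
 * more bytes writes past the end of name_unsafe into whatever the linker
 * placed after it. Do NOT call this with untrusted input; it is here
 * only to show the shape of the bug. */
static char name_unsafe[NAME_MAX];

static int store_name_unsafe(const char *src)
{
    strcpy(name_unsafe, src);      /* no bound: overruns if strlen(src) >= NAME_MAX */
    return 0;
}

/* --- The bounded version ---------------------------------------------
 * Measure at most NAME_MAX bytes (never reading past that), reject
 * anything that would not fit with its terminating NUL, and copy only
 * after the check passed. On rejection the buffer is left untouched. */
static char name_safe[NAME_MAX];

static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;                      /* == limit means "longer than limit-1" */
}

/* Returns 0 on success, -1 if src (plus NUL) does not fit in NAME_MAX. */
static int store_name_safe(const char *src)
{
    size_t n = bounded_len(src, NAME_MAX);
    if (n >= NAME_MAX)
        return -1;                 /* refuse rather than truncate silently */
    memcpy(name_safe, src, n + 1); /* n + 1 <= NAME_MAX, includes the NUL */
    return 0;
}

static const char *get_name_safe(void)
{
    return name_safe;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *ok  = "felten";
    const char *bad = "this string is far longer than sixteen bytes";

    store_name_unsafe(ok);         /* fine only because the input is short */

    printf("safe(\"%s\") -> %d, buffer=\"%s\"\n", ok,  store_name_safe(ok),  get_name_safe());
    printf("safe(long)   -> %d, buffer=\"%s\"\n",      store_name_safe(bad), get_name_safe());
    return 0;
}
```

The point of the bounded version is not the particular helper but the order of operations: the length is established against a limit the buffer owner controls, the decision is made before any byte is written, and rejection leaves the old contents intact instead of a partially overwritten value. Whether or not the Netscape bug was of this kind, it is the pattern Simon is betting on.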

Steven Weller writes:
Posted on RISKS:
From: Ed Felten <felten@CS.Princeton.EDU>
We have discovered another serious security flaw in the Java programming language,
There is only one way to fix Java -- which is to turn it off. The hubris of the people who created it truly astounds me.

After the current flurry of obvious holes gets patched is the point when I'm really going to worry, because that's when people are going to get complacent until the one day when the big flaw is found by the good guys, months after the bad guys found it.

Java security depends on
1) Perfect security model
2) Perfect implementation of the perfect security model
3) Nothing else in the surrounding system somehow undermining the perfect implementation of the perfect security model.

I don't believe humans are perfect. When you design a system on the basis that humans are imperfect, and you cut out functionality until you can fully understand the system (say, because the sources are down to a single page of C) and you try to restrict the damage that any possible failure mode could provide, you will still sometimes make mistakes, but at least they won't be too bad or too frequent. When you build something large and complex, and you require that the entire thing work for you to be secure, there are just too many failure modes.

Perry
participants (3): Perry E. Metzger, Simon Spero, stevenw@best.com