Oracle Netbeans 8.1 Gain privileges Directory traversal Vulnerability
7 Mar. 2017
vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project. .
Vulnerability in the NetBeans component of Oracle Fusion Middleware (subcomponent: Project Import).
The supported version that is affected is 8.1. Easily exploitable vulnerability allows high privileged attacker with logon
to the infrastructure where NetBeans executes to compromise NetBeans. While the vulnerability is in NetBeans, attacks may significantly
impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some
of NetBeans accessible data as well as unauthorized read access to a subset of NetBeans accessible data and unauthorized ability to cause
a partial denial of service (partial DOS) of NetBeans.
Vulnerability in way Netbeans processes ".zip" archives to be imported as project. If a user imports a malicious project
containing "../" characters the import will fail, yet still process the "../". we can then place malicious scripts outside of
the target directory and inside web root if user is running a local server etc...
It may be possible to then execute remote commands on the affected system by later visiting the URL and access our script if that
web server is public facing, if it is not then it may still be subject to abuse internally by internal malicious users. Moreover,
it is also possible to overwrite files on the system hosting vulnerable versions of NetBeans IDE.