|
|
|
<?xml version="1.0" encoding="utf-8"?>
|
|
|
|
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
|
|
|
|
<glsa id="200411-38">
|
|
|
|
<title>Sun and Blackdown Java: Applet privilege escalation</title>
|
|
|
|
<synopsis>
|
|
|
|
The Java plug-in security in Sun and Blackdown Java environments can be
|
|
|
|
bypassed to access arbitrary packages, allowing untrusted Java applets to
|
|
|
|
perform unrestricted actions on the host system.
|
|
|
|
</synopsis>
|
|
|
|
<product type="ebuild">Java</product>
|
|
|
|
<announced>2004-11-29</announced>
|
|
|
|
<revised count="02">2006-05-31</revised>
|
|
|
|
<bug>72172</bug>
|
|
|
|
<bug>72221</bug>
|
|
|
|
<access>remote</access>
|
|
|
|
<affected>
|
|
|
|
<package name="dev-java/sun-jdk" auto="yes" arch="x86 amd64">
|
|
|
|
<unaffected range="ge">1.4.2.06</unaffected>
|
|
|
|
<vulnerable range="lt">1.4.2.06</vulnerable>
|
|
|
|
</package>
|
|
|
|
<package name="dev-java/sun-jre-bin" auto="yes" arch="x86 amd64">
|
|
|
|
<unaffected range="ge">1.4.2.06</unaffected>
|
|
|
|
<vulnerable range="lt">1.4.2.06</vulnerable>
|
|
|
|
</package>
|
|
|
|
<package name="dev-java/blackdown-jdk" auto="yes" arch="x86 amd64">
|
|
|
|
<unaffected range="ge">1.4.2.01</unaffected>
|
|
|
|
<vulnerable range="lt">1.4.2.01</vulnerable>
|
|
|
|
</package>
|
|
|
|
<package name="dev-java/blackdown-jre" auto="yes" arch="x86 amd64">
|
|
|
|
<unaffected range="ge">1.4.2.01</unaffected>
|
|
|
|
<vulnerable range="lt">1.4.2.01</vulnerable>
|
|
|
|
</package>
|
|
|
|
</affected>
|
|
|
|
<background>
|
|
|
|
<p>
|
|
|
|
Sun and Blackdown both provide implementations of Java Development Kits
|
|
|
|
(JDK) and Java Runtime Environments (JRE). All these implementations
|
|
|
|
provide a Java plug-in that can be used to execute Java applets in a
|
|
|
|
restricted environment for web browsers.
|
|
|
|
</p>
|
|
|
|
</background>
|
|
|
|
<description>
|
|
|
|
<p>
|
|
|
|
All Java plug-ins are subject to a vulnerability allowing unrestricted
|
|
|
|
Java package access.
|
|
|
|
</p>
|
|
|
|
</description>
|
|
|
|
<impact type="normal">
|
|
|
|
<p>
|
|
|
|
A remote attacker could embed a malicious Java applet in a web page and
|
|
|
|
entice a victim to view it. This applet can then bypass security
|
|
|
|
restrictions and execute any command or access any file with the rights
|
|
|
|
of the user running the web browser.
|
|
|
|
</p>
|
|
|
|
</impact>
|
|
|
|
<workaround>
|
|
|
|
<p>
|
|
|
|
As a workaround you could disable Java applets on your web browser.
|
|
|
|
</p>
|
|
|
|
</workaround>
|
|
|
|
<resolution>
|
|
|
|
<p>
|
|
|
|
All Sun JDK users should upgrade to the latest version:
|
|
|
|
</p>
|
|
|
|
<code>
|
|
|
|
# emerge --sync
|
|
|
|
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"</code>
|
|
|
|
<p>
|
|
|
|
All Sun JRE users should upgrade to the latest version:
|
|
|
|
</p>
|
|
|
|
<code>
|
|
|
|
# emerge --sync
|
|
|
|
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"</code>
|
|
|
|
<p>
|
|
|
|
All Blackdown JDK users should upgrade to the latest version:
|
|
|
|
</p>
|
|
|
|
<code>
|
|
|
|
# emerge --sync
|
|
|
|
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"</code>
|
|
|
|
<p>
|
|
|
|
All Blackdown JRE users should upgrade to the latest version:
|
|
|
|
</p>
|
|
|
|
<code>
|
|
|
|
# emerge --sync
|
|
|
|
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"</code>
|
|
|
|
<p>
|
|
|
|
Note: You should unmerge all vulnerable versions to be fully protected.
|
|
|
|
</p>
|
|
|
|
</resolution>
|
|
|
|
<references>
|
|
|
|
<uri link="http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities">iDEFENSE Security Advisory 11.22.04</uri>
|
|
|
|
<uri link="https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1029">CAN-2004-1029</uri>
|
|
|
|
<uri link="http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt">Blackdown Security Advisory 2004-01</uri>
|
|
|
|
</references>
|
|
|
|
<metadata tag="requester" timestamp="2004-11-25T09:46:01Z">
|
|
|
|
koon
|
|
|
|
</metadata>
|
|
|
|
<metadata tag="submitter" timestamp="2004-11-26T21:58:36Z">
|
|
|
|
koon
|
|
|
|
</metadata>
|
|
|
|
<metadata tag="bugReady" timestamp="2004-11-29T21:15:47Z">
|
|
|
|
koon
|
|
|
|
</metadata>
|
|
|
|
</glsa>
|