|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-38] Sun and Blackdown Java: Applet privilege escalation Vulnerability Scan
Vulnerability Scan Summary
Sun and Blackdown Java: Applet privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-38
(Sun and Blackdown Java: Applet privilege escalation)
All Java plug-ins are subject to a vulnerability allowing
unrestricted Java package access.
Impact
A remote attacker could embed a malicious Java applet in a web
page and entice a victim to view it. This applet can then bypass
security restrictions and execute any command or access any file with
the rights of the user running the web browser.
Workaround
As a workaround you could disable Java applets on your web
browser.
References:
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1029
http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt
Solution:
All Sun JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.06"
All Sun JRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.06"
All Blackdown JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.01"
All Blackdown JRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.01"
Note: You should unmerge all vulnerable versions to be fully
protected.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
