|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200506-14] Sun and Blackdown Java: Applet privilege escalation Vulnerability Scan
Vulnerability Scan Summary Sun and Blackdown Java: Applet privilege escalation
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200506-14
(Sun and Blackdown Java: Applet privilege escalation)
Both Sun's and Blackdown's JDK and JRE may allow untrusted applets
to elevate rights.
Impact
A remote attacker could embed a malicious Java applet in a web
page and entice a victim to view it. This applet can then bypass
security restrictions and execute any command or access any file with
the rights of the user running the web browser.
Workaround
There are no known workarounds at this time.
References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-02.txt
Solution:
All Sun JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.08"
All Sun JRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.08"
All Blackdown JDK users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.02"
All Blackdown JRE users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.02"
Note to SPARC users: There is no stable secure Blackdown Java
for the SPARC architecture. Affected users should remove the package
until a SPARC package is released.
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|