_______________________________________________________________________________
Blackdown Java-Linux Security Advisory
Advisory number: Blackdown-SA-2005-03
Issue date: 2005, November 29
Synopsis: Java Runtime Environment May Allow Untrusted Applet to Elevate Privileges
_______________________________________________________________________________
1. Problem
Three vulnerabilities in the Java Runtime Environment's Reflection
APIs may allow an untrusted applet to elevate its privileges. For
example, an applet may grant itself permissions to read and write
local files or execute local applications that are accessible to
the user running the untrusted applet.
2. Vulnerable Versions
Blackdown J2SE 1.4.2-02 and earlier releases.
3. Solution
Upgrade to J2SE v1.4.2-03.
4. Location of fixed packages:
Java 2 Runtime Environment v1.4.2-03:
amd64:
ftp://ftp.tux.org/java/JDK-1.4.2/amd64/03/j2re-1.4.2-03-linux-amd64.bin
0785ca638962dc85a31dd8a6dc40007a
x86:
ftp://ftp.tux.org/java/JDK-1.4.2/i386/03/j2re-1.4.2-03-linux-i586.bin
cf4f3c8c86f64fd532f074943b432285
Java 2 SDK v1.4.2-03:
amd64:
ftp://ftp.tux.org/java/JDK-1.4.2/amd64/03/j2sdk-1.4.2-03-linux-amd64.bin
fa1add887128fb01d255356680a09445
x86:
ftp://ftp.tux.org/java/JDK-1.4.2/i386/03/j2sdk-1.4.2-03-linux-i586.bin
357e1b2c22abcef2db561a338f7dbfe3
5. Location of fixed Debian packages:
Debian packages are available at ftp://ftp.tux.org/java/debian/
The release files are signed with our GPG key
(see http://www.blackdown.org/java-linux/java2-status/security.html).
amd64:
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2re1.4_1.4.2.03-1_amd64.deb
396d7c1196c2495e448755877e58a815
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2re1.4-mozilla-plugin_1.4.2.03-1_amd64.deb
ccdb56eb31de5eebbcdf95a221c2d8df
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2sdk1.4_1.4.2.03-1_amd64.deb
c5b4b5e349f7d75bd98509011caba5da
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2sdk1.4-demo_1.4.2.03-1_amd64.deb
cc721cc73c7737626b09718a7c6f9819
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2sdk1.4-doc_1.4.2.03-1_amd64.deb
525c5c9c8e409209b2098c91e5d37f7b
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-amd64/j2sdk1.4-src_1.4.2.03-1_amd64.deb
fce548197da5305a92fb3700ce2511d0
x86:
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2re1.4_1.4.2.03-1_i386.deb
c469f0a6146d370b158486c7bac2a3a1
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2re1.4-mozilla-plugin_1.4.2.03-1_i386.deb
b03c888b7254064f029d87449e303590
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2sdk1.4_1.4.2.03-1_i386.deb
a0a83fd8bc2284a47cb0f88773d31292
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2sdk1.4-demo_1.4.2.03-1_i386.deb
389b8cd6406b1587a3e9587d3187486f
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2sdk1.4-doc_1.4.2.03-1_i386.deb
f44eb05c894ed651a6615fe1388afa7e
ftp://ftp.tux.org/java/JDK-1.4.2/debian/pool/non-free/j/j2se1.4-i586/j2sdk1.4-src_1.4.2.03-1_i386.deb
440370ad6047232d1cdd8ac269c6913d
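Sections 4 and 5 pair every download with a checksum. The script below is an added example, not part of the advisory or the Blackdown project, that checks files in a download directory against a list in exactly that layout (URL line followed by checksum line). It assumes the 32-hex-digit values are MD5 digests, which the advisory does not state, and that GNU md5sum is installed; the GPG signature check mentioned in section 5 is a separate step not covered here.

```shell
#!/bin/sh
# Check downloaded Blackdown packages against the advisory's checksum list.
# Assumption (not stated in the advisory): the 32-hex-digit values are MD5.

# file_md5 FILE -> lowercase hex MD5 digest of FILE on stdout.
file_md5() {
    md5sum "$1" | awk '{print tolower($1)}'
}

# verify_pkg FILE EXPECTED -> 0 when the digest matches, 1 otherwise.
verify_pkg() {
    actual=$(file_md5 "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK      $1"
        return 0
    fi
    echo "FAIL    $1 (expected $expected, got $actual)" >&2
    return 1
}

# verify_manifest LIST DIR -> 0 only if every file named in LIST exists in
# DIR and matches the checksum that follows its URL. Other lines (e.g. the
# "amd64:" / "x86:" labels) are ignored.
verify_manifest() {
    manifest=$1; dir=$2; status=0; url=
    while IFS= read -r line; do
        case $line in
            ftp://*|http://*|https://*) url=$line; continue ;;
        esac
        # Only a bare 32-hex-digit line counts as a checksum.
        printf '%s\n' "$line" | grep -Eq '^[0-9a-fA-F]{32}$' || continue
        [ -n "$url" ] || continue
        name=${url##*/}
        if [ -f "$dir/$name" ]; then
            verify_pkg "$dir/$name" "$line" || status=1
        else
            echo "MISSING $name" >&2; status=1
        fi
        url=
    done < "$manifest"
    return $status
}

# Usage: sh verify_blackdown.sh ADVISORY_TEXT DOWNLOAD_DIR
if [ $# -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

Saving the advisory text itself as the list argument works, since the URL/checksum pairs are picked out and the remaining lines are skipped.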
6. References
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1
_______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In
particular, it is desired that the cleartext signature shows proof
of the authenticity of the text.
Blackdown Java-Linux makes no warranties of any kind whatsoever
with respect to the information contained in this security
advisory.
_______________________________________________________________________________
--
Juergen Kreileder, Blackdown Java-Linux Team
http://blog.blackdown.de/
