Vulnerability Bulletins |
Vulnerability in Java Runtime Environment |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Expert |
Attacker requirements | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected vendor | Commercial Software |
Affected software |
Java 2 Platform, Standard Edition (J2SE) 5.0 (Windows, Solaris, Linux)
Java 2 Platform, Standard Edition (J2SE) 5.0 Update 1 (Windows, Solaris, Linux)
Java 2 Platform, Standard Edition (J2SE) <=1.4.2_07 (Windows, Solaris, Linux) |
Description |
|
A vulnerability has been discovered in version 1.4.2_07 of the 1.4.2 branch and in versions 5.0 and 5.0 Update 1 of Java 2 Platform, Standard Edition (J2SE). The vulnerability is that an untrusted applet can elevate its privileges. Exploiting this vulnerability could allow a remote attacker to read and write files on the system or execute applications by means of a specially crafted applet. |
|
Solution |
|
Software update

Sun Java
Java 2 Platform, Standard Edition (J2SE) 5.0 Update 2
http://java.sun.com/j2se/1.5.0/download.jsp
Java 2 Platform, Standard Edition (J2SE) 1.4.2_08
http://java.sun.com/j2se/1.4.2/download.html

SUSE Linux
SUSE Linux 9.3
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm
SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-alsa-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-demo-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-devel-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-jdbc-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-plugin-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-src-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/java-1_4_2-sun-1.4.2.08-0.1.src.rpm
SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-jre-1.4.2-129.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-1.4.2-129.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-jre-1.4.2-129.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm
SUSE Linux 9.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-jre-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/java2-1.4.2-144.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-1.4.2-144.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-jre-1.4.2-144.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/java2-1.4.2-144.src.rpm
SUSE Linux 8.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-jre-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/java2-1.4.2-144.src.rpm

HP
HP-UX
Java 1.4 and earlier: update to 1.4.2.09.00 or later.
http://www.hp.com/go/java
Java 5.0.00.00 and earlier: update to 5.0.01.00 or later.
http://www.hp.com/go/java
Openview
OpenView Operations 7.x / HP-UX / PHSS_32406
OpenView Operations 7.x / Solaris / ITOSOL_00388
OpenView Operations 8.0 / HP-UX / PHSS_33627
OpenView Operations 8.x / Solaris / ITOSOL_00451
OpenView VantagePoint 6.x / HP-UX / PHSS_33866
OpenView VantagePoint 6.x / Solaris / ITOSOL_00468
http://itrc.hp.com |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-1974 |
BID | |
Additional resources |
|
Sun(sm) Alert Notification 101749
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
SUSE Security Announcement SUSE-SA:2005:032
http://www.novell.com/linux/security/advisories/2005_32_java2.html
HP Security Advisory HPSBUX01215
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01215
HP SECURITY BULLETIN (HPSBMA01234)
http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01234 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2005-06-23 |
1.1 | Advisory issued by HP (HPSBUX01215) | 2005-08-31 |
1.2 | Advisory issued by HP (HPSBMA01234) | 2005-10-21 |