
Vulnerability Bulletins


Vulnerability in Java Web Start

Vulnerability classification

Property Value
Confidence level Official
Impact Privilege escalation
Difficulty Expert
Required attacker level Remote access without an account to a standard service

System information

Property Value
Affected manufacturer UNIX
Affected software J2SE 1.4.2x <=1.4.2_06

Description

A vulnerability has been discovered in version 1.4.2_06 and earlier of the J2SE 1.4.2 branch. The vulnerability resides in Java Web Start and may allow an untrusted application to elevate its privileges.

Exploiting this vulnerability could allow a remote attacker to read and write files, as well as execute applications, on the affected system with the privileges of the user running Java Web Start.

Solution



Software update

J2SE 1.4.2_07
Windows
Solaris
Linux
http://java.sun.com/j2se/1.4.2/download.html

SUSE Linux

SUSE Linux 9.3
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm

SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-alsa-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-demo-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-devel-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-jdbc-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-plugin-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-src-1.4.2.08-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/java-1_4_2-sun-1.4.2.08-0.1.src.rpm

SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-jre-1.4.2-129.14.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-1.4.2-129.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-jre-1.4.2-129.14.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm

SUSE Linux 9.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-jre-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/java2-1.4.2-144.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-1.4.2-144.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-jre-1.4.2-144.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/java2-1.4.2-144.src.rpm

SUSE Linux 8.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-jre-1.4.2-144.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/java2-1.4.2-144.src.rpm

Standard resources

Property Value
CVE CAN-2005-0836
BID

Other resources

Sun(sm) Alert Notification 57740
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1

SUSE Security Announcement SUSE-SA:2005:032
http://www.novell.com/linux/security/advisories/2005_32_java2.html

Version history

Version Comments Date
1.0 Advisory issued 2005-03-21
1.1 CAN added 2005-04-01
1.2 Advisory issued by SUSE (SUSE-SA:2005:032) 2005-06-23
Ministerio de Defensa
CNI
CCN
CCN-CERT