Vulnerability Bulletins |
Vulnerabilidad en Java Web Start |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Aumento de privilegios |
Dificulty | Experto |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | UNIX |
Affected software | J2SE 1.4.2x <=1.4.2_06 |
Description |
|
Se ha descubierto una vulnerabilidad en la versión 1.4.2_06 y anteriores de la rama 1.4.2 de J2SE. La vulnerabilidad reside en Java Web Start que puede permitir a una aplicación no confiable elevar sus privilegios. La explotación de esta vulnerabilidad podría permitir a un atacante remoto leer y escribir archivos así como ejecutar aplicaciones en el sistema afectado con los privilegios del usuario que este ejecutando Java Web Start. |
|
Solution |
|
Actualización de software J2SE 1.4.2_07 Windows Solaris Linux http://java.sun.com/j2se/1.4.2/download.html SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-alsa-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-demo-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-devel-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-jdbc-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-plugin-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-src-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/java-1_4_2-sun-1.4.2.08-0.1.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.14.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-jre-1.4.2-129.14.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-1.4.2-129.14.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-jre-1.4.2-129.14.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-jre-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/java2-1.4.2-144.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-1.4.2-144.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-jre-1.4.2-144.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/java2-1.4.2-144.src.rpm SUSE Linux 8.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-jre-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/java2-1.4.2-144.src.rpm |
|
Standar resources |
|
Property | Value |
CVE | CAN-2005-0836 |
BID | |
Other resources |
|
Sun(sm) Alert Notification 57740 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1 SUSE Security Announcement SUSE-SA:2005:032 http://www.novell.com/linux/security/advisories/2005_32_java2.html |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2005-03-21 |
1.1 | CAN añadido | 2005-04-01 |
1.2 | Aviso emitido por SUSE (SUSE-SA:2005:032) | 2005-06-23 |