Vulnerability Bulletins

int(1659)

Vulnerability Bulletins

Vulnerabilidad en Java Runtime Environment
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Aumento de privilegios
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	Comercial Software
Affected software	Java 2 Platform, Standard Edition(J2SE) 5.0 (Windows, Solaris, Linux) Java 2 Platform, Standard Edition(J2SE) 5.0 Update 1 (Windows, Solaris, Linux) Java 2 Platform, Standard Edition(J2SE) <=1.4.2_07 (Windows, Solaris, Linux)
Description
Se ha descubierto una vulnerabilidad en la versión 1.4.2_07 de la rama 1.4.2 y en las versiones 5.0 y 5.0 Update 1 de Java 2 Platform, Standard Edition (J2SE). La vulnerabilidad reside en que un applet en el que no se confía puede elevar sus privilegios. La explotación de esta vulnerabilidad podría permitir a un atacante remoto leer y escribir en archivos del sistema o ejecutar aplicaciones mediante un applet especialmente diseñado.
Solution
Actualización de software Sun Java Java 2 Platform, Standard Edition(J2SE) 5.0 Update 2 http://java.sun.com/j2se/1.5.0/download.jsp Java 2 Platform, Standard Edition(J2SE) 1.4.2_08 http://java.sun.com/j2se/1.4.2/download.html SUSE Linux SUSE Linux 9.3 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm SUSE Linux 9.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-alsa-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-demo-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-devel-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-jdbc-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-plugin-1.4.2.08-0.1.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.rpm x86-64 ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-alsa-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-demo-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-devel-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-jdbc-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-plugin-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/java-1_4_2-sun-src-1.4.2.08-0.1.x86_64.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/java-1_4_2-sun-1.4.2.08-0.1.src.rpm SUSE Linux 9.1 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.14.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-jre-1.4.2-129.14.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-1.4.2-129.14.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/java2-jre-1.4.2-129.14.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/java2-1.4.2-129.14.src.rpm SUSE Linux 9.0 x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/java2-jre-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/java2-1.4.2-144.src.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-1.4.2-144.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/java2-jre-1.4.2-144.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/java2-1.4.2-144.src.rpm SUSE Linux 8.2 x86 ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/java2-jre-1.4.2-144.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/java2-1.4.2-144.src.rpm HP HP-UX Java 1.4 y anterior, actualizar a 1.4.2.09.00 o posterior. http://www.hp.com/go/java Java 5.0.00.00 y anterior, actualizar a 5.0.01.00 o posterior. http://www.hp.com/go/java Openview OpenView Operations 7.x / HP-UX / PHSS_32406 OpenView Operations 7.x / Solaris / ITOSOL_00388 OpenView Operations 8.0 / HP-UX / PHSS_33627 OpenView Operations 8.x / Solaris / ITOSOL_00451 OpenView VantagePoint 6.x / HP-UX / PHSS_33866 OpenView VantagePoint 6.x / Solaris / ITOSOL_00468 http://itrc.hp.com
Standar resources
Property	Value
CVE	CAN-2005-1974
BID
Other resources
Sun(sm) Alert Notification 101749 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1 SUSE Security Announcement SUSE-SA:2005:032 http://www.novell.com/linux/security/advisories/2005_32_java2.html HP Security Advisory HPSBUX01215 http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01215 HP SECURITY BULLETIN (HPSBMA01234) http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01234

Version history
Version	Comments	Date
1.0	Aviso emitido	2005-06-23
1.1	Aviso emitido por HP (HPSBUX01215)	2005-08-31
1.2	Aviso emitido por HP (HPSBMA01234)	2005-10-21

Vulnerability Bulletins

Vulnerabilidad en Java Runtime Environment

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history