Vulnerability Bulletins |
Aumento de privilegios en Java Runtime Environment |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | UNIX |
| Affected software |
Sun JDK / JRE 5.0 <= Update 7 Sun SDK / JRE <= 1.4.2_12 |
Description |
|
|
Se han descubierto dos vulnerabilidades en Java Runtime Environment. Las vulnerabilidades residen en errores no especificados relacionados con la serialización. Un atacante podría elevar sus privilegios mediante el uso de un applet o una aplicación. |
|
Solution |
|
|
Actualización de software Sun J2SE 5.0 update 9 / Solaris / patch 118666-09 J2SE 5.0 update 9 / Solaris / (64bit) / patch 118667-09 J2SE 5.0_x86 update / Solaris 9 / patch 118668-09 J2SE 5.0_x86 update / Solaris 9 / (64bit) / patch 118669-09 JDK / JRE 5.0 Update 8 http://java.sun.com/javase/downloads/index_jdk5.jsp SDK / JRE 1.4.2_13 http://java.sun.com/j2se/1.4.2/download.html Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Hewlett-Packard Java 1.5.0.00.00 / Actualizar a Java 1.5.0.06 Java <= 1.4.2.11 / Actualizar a Java 1.4.2.12 Java <= 1.3.1.19 / Actualizar a Java 1.3.1.20 http://www.hp.com/go/java BEA (BEA07-171.00) Actualizar BEA system. Actualizar Java Virtual Machine. http://commerce.bea.com/products/weblogicjrockit/jrockit_prod_fam.jsp Apple Java Release 6 / Mac OS X 10.4 http://www.apple.com/support/downloads/javaformacosx104release6.html |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2006-6745 |
| BID | |
Other resources |
|
|
Sun Alert Notification (102731) http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1 SUSE Security Advisory (SUSE-SA:2007:003) http://www.novell.com/linux/security/advisories/2007_03_java.html SUSE Security Advisory (SUSE-SA:2007:010) http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html HP SECURITY BULLETIN (HPSBUX02196) http://www5.itrc.hp.com/service/cki/docDisplay.do?docId=c00876579 BEA Security Advisory (BEA07-171.00) http://dev2dev.bea.com/pub/advisory/240 SUSE Security Advisory (SUSE-SA:2007:045) http://www.novell.com/linux/security/advisories/2007_45_java.html Apple Security Update (307177) http://docs.info.apple.com/article.html?artnum=307177 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2006-12-27 |
| 1.1 | CVE añadido, Aviso emitido por Suse (SUSE-SA:2007:003) | 2007-01-10 |
| 1.2 | Aviso emitido por Suse (SUSE-SA:2007:010) | 2007-01-22 |
| 1.3 | Aviso emitido por HP (HPSBUX02196) | 2007-03-07 |
| 1.4 | Aviso emitido por BEA (BEA07-171.00) | 2007-05-21 |
| 1.5 | Aviso emitido por Suse (SUSE-SA:2007:045) | 2007-07-20 |
| 1.6 | Aviso emitido por Apple (307177) | 2007-12-17 |