17340 : Sun JRE Untrusted Applet Privilege Escalation
Printer | http://osvdb.org/17340 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

10 months ago

Percent Complete

90%

Disclosure

Jun 13, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Java 2 Platform Standard Edition (J2SE) contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an unspecified flaw, which may allow an untrusted applet to grant itself permissions to arbitrary read and write files and/or execute arbitrary applications resulting in a loss of integrty.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 5.0 Update 2 or 1.4.2_08 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sun Microsystems, Inc.	Java 2 Platform Standard Edition (J2SE)	5.0
		5.0 Update 1
		1.4.2_07

Hewlett-Packard Development Company, L.P.	OpenView Operations	7.x
		8.0
	OpenView VantagePoint	6.x

References

Security Tracker: 1014192 1015643
Secunia Advisory ID: 15671 15750 15755 15777 16658 17272
Related OSVDB ID: 17299
CVE ID: 2005-1974 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0432.html
http://archives.neohapsis.com/archives/bugtraq/2005-10/0227.html
Vendor Specific Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01214
http://itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01215
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
Vendor Specific News/Changelog Entry: http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200506-14.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware- ......
Vendor URL: http://www.sun.com/
Keyword: SSRT051052

Tools & Filters

Nessus	18480

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Sun Microsystems, Inc.

Java 2 Platform Standard Edition (J2SE)

Hewlett-Packard Development Company, L.P.

OpenView Operations

OpenView VantagePoint

References

Tools & Filters

Credit

Blogs

Comments