[gentoo-announce] [ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation - gentoo-announce

From:	Stefan Cornelius <dercorny@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200602-07 ] Sun JDK/JRE: Applet privilege escalation
Date:	Wed, 15 Feb 2006 02:38:19
Message-Id:	`200602150312.11419.dercorny@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200602-07

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Sun JDK/JRE: Applet privilege escalation

9

      Date: February 15, 2006

10

      Bugs: #122156

11

        ID: 200602-07

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do

19

not adequately constrain applets from privilege escalation and

20

arbitrary code execution.

21

22

Background

23

==========

24

25

Sun's JDK and JRE provide interpreters for Java Applets in a sandboxed

26

environment. These implementations provide the Java Web Start

27

technology that can be used for easy client-side deployment of Java

28

applications.

29

30

Affected packages

31

=================

32

33

    -------------------------------------------------------------------

34

     Package               /  Vulnerable  /                 Unaffected

35

    -------------------------------------------------------------------

36

  1  dev-java/sun-jdk         < 1.4.2.10                   >= 1.4.2.10

37

  2  dev-java/sun-jre-bin     < 1.4.2.10                   >= 1.4.2.10

38

    -------------------------------------------------------------------

39

     2 affected packages on all of their supported architectures.

40

    -------------------------------------------------------------------

41

42

Description

43

===========

44

45

Applets executed using JRE or JDK can use "reflection" APIs functions

46

to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak

47

discovered five vulnerabilities that use this method for privilege

48

escalation. Two more vulnerabilities were discovered by the vendor.

49

Peter Csepely discovered that Web Start Java applications also can an

50

escalate their privileges.

51

52

Impact

53

======

54

55

A malicious Java applet can bypass Java sandbox restrictions and hence

56

access local files, connect to arbitrary network locations and execute

57

arbitrary code on the user's machine. Java Web Start applications are

58

affected likewise.

59

60

Workaround

61

==========

62

63

Select another Java implementation using java-config.

64

65

Resolution

66

==========

67

68

All Sun JDK users should upgrade to the latest version:

69

70

    # emerge --sync

71

    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.10"

72

73

All Sun JRE users should upgrade to the latest version:

74

75

    # emerge --sync

76

    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.10"

77

78

References

79

==========

80

81

  [ 1 ] Sun Security Alert ID 102170

82

        http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1

83

  [ 2 ] Sun Security Alert ID 102171

84

        http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

85

  [ 3 ] CVE-2006-0614

86

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0614

87

  [ 4 ] CVE-2006-0615

88

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0615

89

  [ 5 ] CVE-2006-0616

90

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0616

91

  [ 6 ] CVE-2006-0617

92

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0617

93

94

Availability

95

============

96

97

This GLSA and any updates to it are available for viewing at

98

the Gentoo Security Website:

99

100

  http://security.gentoo.org/glsa/glsa-200602-07.xml

101

102

Concerns?

103

=========

104

105

Security is a primary focus of Gentoo Linux and ensuring the

106

confidentiality and security of our users machines is of utmost

107

importance to us. Any security concerns should be addressed to

108

security@g.o or alternatively, you may file a bug at

109

http://bugs.gentoo.org.

110

111

License

112

=======

113

114

Copyright 2006 Gentoo Foundation, Inc; referenced text

115

belongs to its owner(s).

116

117

The contents of this document are licensed under the

118

Creative Commons - Attribution / Share Alike license.

119

120

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200602-07
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Sun JDK/JRE: Applet privilege escalation
9	Date: February 15, 2006
10	Bugs: #122156
11	ID: 200602-07
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Sun's Java Development Kit (JDK) and Java Runtime Environment (JRE) do
19	not adequately constrain applets from privilege escalation and
20	arbitrary code execution.
21
22	Background
23	==========
24
25	Sun's JDK and JRE provide interpreters for Java Applets in a sandboxed
26	environment. These implementations provide the Java Web Start
27	technology that can be used for easy client-side deployment of Java
28	applications.
29
30	Affected packages
31	=================
32
33	-------------------------------------------------------------------
34	Package / Vulnerable / Unaffected
35	-------------------------------------------------------------------
36	1 dev-java/sun-jdk < 1.4.2.10 >= 1.4.2.10
37	2 dev-java/sun-jre-bin < 1.4.2.10 >= 1.4.2.10
38	-------------------------------------------------------------------
39	2 affected packages on all of their supported architectures.
40	-------------------------------------------------------------------
41
42	Description
43	===========
44
45	Applets executed using JRE or JDK can use "reflection" APIs functions
46	to elevate its privileges beyond the sandbox restrictions. Adam Gowdiak
47	discovered five vulnerabilities that use this method for privilege
48	escalation. Two more vulnerabilities were discovered by the vendor.
49	Peter Csepely discovered that Web Start Java applications also can an
50	escalate their privileges.
51
52	Impact
53	======
54
55	A malicious Java applet can bypass Java sandbox restrictions and hence
56	access local files, connect to arbitrary network locations and execute
57	arbitrary code on the user's machine. Java Web Start applications are
58	affected likewise.
59
60	Workaround
61	==========
62
63	Select another Java implementation using java-config.
64
65	Resolution
66	==========
67
68	All Sun JDK users should upgrade to the latest version:
69
70	# emerge --sync
71	# emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.10"
72
73	All Sun JRE users should upgrade to the latest version:
74
75	# emerge --sync
76	# emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.10"
77
78	References
79	==========
80
81	[ 1 ] Sun Security Alert ID 102170
82	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1
83	[ 2 ] Sun Security Alert ID 102171
84	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
85	[ 3 ] CVE-2006-0614
86	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0614
87	[ 4 ] CVE-2006-0615
88	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0615
89	[ 5 ] CVE-2006-0616
90	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0616
91	[ 6 ] CVE-2006-0617
92	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0617
93
94	Availability
95	============
96
97	This GLSA and any updates to it are available for viewing at
98	the Gentoo Security Website:
99
100	http://security.gentoo.org/glsa/glsa-200602-07.xml
101
102	Concerns?
103	=========
104
105	Security is a primary focus of Gentoo Linux and ensuring the
106	confidentiality and security of our users machines is of utmost
107	importance to us. Any security concerns should be addressed to
108	security@g.o or alternatively, you may file a bug at
109	http://bugs.gentoo.org.
110
111	License
112	=======
113
114	Copyright 2006 Gentoo Foundation, Inc; referenced text
115	belongs to its owner(s).
116
117	The contents of this document are licensed under the
118	Creative Commons - Attribution / Share Alike license.
119
120	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce