Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200601-10 ] Sun and Blackdown Java: Applet privilege escalation
Date: Mon, 16 Jan 2006 13:52:37
Message-Id: 43CBA0F9.40609@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                     Gentoo Linux Security Advisory           GLSA 200601-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sun and Blackdown Java: Applet privilege escalation
      Date: January 16, 2006
      Bugs: #118114
        ID: 200601-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate
their privileges.

Background
==========

Sun and Blackdown both provide implementations of the Java Development
Kit (JDK) and Java Runtime Environment (JRE).

Affected packages
=================

    -------------------------------------------------------------------
         Package                  /   Vulnerable   /     Unaffected
    -------------------------------------------------------------------
      1  dev-java/sun-jdk             < 1.4.2.09          >= 1.4.2.09
      2  dev-java/sun-jre-bin         < 1.4.2.09          >= 1.4.2.09
      3  dev-java/blackdown-jdk       < 1.4.2.03          >= 1.4.2.03
      4  dev-java/blackdown-jre       < 1.4.2.03          >= 1.4.2.03
    -------------------------------------------------------------------
         4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Adam Gowdiak discovered multiple vulnerabilities in the Java Runtime
Environment's Reflection APIs that may allow untrusted applets to
elevate privileges.

Impact
======

A remote attacker could embed a malicious Java applet in a web page and
entice a victim to view it. This applet can then bypass security
restrictions and execute any command or access any file with the rights
of the user running the web browser.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Sun JDK users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.4.2.09"

All Sun JRE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.4.2.09"

All Blackdown JDK users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jdk-1.4.2.03"

All Blackdown JRE users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-java/blackdown-jre-1.4.2.03"

Note to SPARC and PPC users: There is no stable secure Blackdown Java
for the SPARC or PPC architectures. Affected users on the PPC
architecture should consider switching to the IBM Java packages
(ibm-jdk-bin and ibm-jre-bin). Affected users on SPARC should remove
the package until a fixed SPARC package is released.

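To confirm that the upgrades above have actually landed, the following POSIX sh check (an added example, not part of this advisory or of Gentoo's tooling) compares installed versions of the four listed packages against the first unaffected versions from the table. It reads Gentoo's installed-package database layout, /var/db/pkg/<category>/<package>-<version>, but the tree it scans by default here is a constructed sample built by make_sample_pkgdb so it runs offline; it assumes versions are dotted decimal components with an optional -rN revision suffix.

```shell
#!/bin/sh
# Added example, not part of the GLSA: flag installed copies of the four
# packages in the table whose version is below the first unaffected one.
# Gentoo records installed packages as /var/db/pkg/<cat>/<pkg>-<ver>;
# make_sample_pkgdb builds a constructed tree so the check runs offline.
# Assumption: versions are dotted decimal components plus an optional -rN.

# Print -1, 0 or 1 as version $1 sorts below, equal to, or above $2.
vercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}                   # leading component of each
    [ "$ah" = "$a" ] && a= || a=${a#*.}        # consume it
    [ "$bh" = "$b" ] && b= || b=${b#*.}
    [ "${ah:-0}" -lt "${bh:-0}" ] && { printf '%s\n' -1; return; }
    [ "${ah:-0}" -gt "${bh:-0}" ] && { printf '%s\n' 1; return; }
  done
  printf '%s\n' 0
}

# Succeed when installed version $1 is below fixed version $2.
is_vulnerable() { [ "$(vercmp "$1" "$2")" = "-1" ]; }

# Scan package db $1 (default /var/db/pkg); return 1 if anything needs upgrading.
check_glsa_200601_10() {
  pkgdb=${1:-/var/db/pkg}; bad=0
  for entry in sun-jdk:1.4.2.09 sun-jre-bin:1.4.2.09 \
               blackdown-jdk:1.4.2.03 blackdown-jre:1.4.2.03; do
    pkg=${entry%%:*}; fixed=${entry#*:}
    for dir in "$pkgdb"/dev-java/"$pkg"-[0-9]*; do
      [ -d "$dir" ] || continue                # unmatched glob: not installed
      ver=${dir##*/}; ver=${ver#"$pkg"-}; ver=${ver%-r*}   # strip name, -rN
      if is_vulnerable "$ver" "$fixed"; then
        echo "VULNERABLE dev-java/$pkg-$ver (upgrade to >= $fixed)"; bad=1
      else
        echo "ok         dev-java/$pkg-$ver"
      fi
    done
  done
  return "$bad"
}

# Constructed sample: one vulnerable install and one already-fixed -r1 build.
make_sample_pkgdb() {
  d=$(mktemp -d)
  mkdir -p "$d/dev-java/sun-jdk-1.4.2.08" "$d/dev-java/blackdown-jre-1.4.2.03-r1"
  printf '%s\n' "$d"
}

check_glsa_200601_10 "$(make_sample_pkgdb)" || echo "upgrade required, see Resolution"
```

On a real system call check_glsa_200601_10 with no argument (or with an explicit /var/db/pkg) instead of the constructed sample tree.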
References
==========

  [ 1 ] CVE-2005-3905
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3905
  [ 2 ] CVE-2005-3906
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3906
  [ 3 ] Sun Security Alert ID 102003
        http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1
  [ 4 ] Blackdown Java-Linux Security Advisory
        http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-03.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200601-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or, alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
