[gentoo-announce] [ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200705-20 ] Blackdown Java: Applet privilege escalation
Date:	Sat, 26 May 2007 20:13:06
Message-Id:	`20070526194258.GP21234@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200705-20

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: Blackdown Java: Applet privilege escalation

9

      Date: May 26, 2007

10

      Bugs: #161835

11

        ID: 200705-20

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

The Blackdown JDK and the Blackdown JRE suffer from the multiple

19

unspecified vulnerabilities that already affected the Sun JDK and JRE.

20

21

Background

22

==========

23

24

Blackdown provides implementations of the Java Development Kit (JDK)

25

and the Java Runtime Environment (JRE).

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package                 /    Vulnerable    /           Unaffected

32

    -------------------------------------------------------------------

33

  1  dev-java/blackdown-jdk     < 1.4.2.03-r14         >= 1.4.2.03-r14

34

  2  dev-java/blackdown-jre     < 1.4.2.03-r14         >= 1.4.2.03-r14

35

    -------------------------------------------------------------------

36

     2 affected packages on all of their supported architectures.

37

    -------------------------------------------------------------------

38

39

Description

40

===========

41

42

Chris Evans has discovered multiple buffer overflows in the Sun JDK and

43

the Sun JRE possibly related to various AWT and font layout functions.

44

Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK

45

and the Sun JRE relating to unintended applet data access. He has also

46

discovered multiple other unspecified vulnerabilities in the Sun JDK

47

and the Sun JRE allowing unintended Java applet or application resource

48

acquisition. Additionally, a memory corruption error has been found in

49

the handling of GIF images with zero width field blocks.

50

51

Impact

52

======

53

54

An attacker could entice a user to run a specially crafted Java applet

55

or application that could read, write, or execute local files with the

56

privileges of the user running the JVM, access data maintained in other

57

Java applets, or escalate the privileges of the currently running Java

58

applet or application allowing for unauthorized access to system

59

resources.

60

61

Workaround

62

==========

63

64

Disable the "nsplugin" USE flag in order to prevent web applets from

65

being run.

66

67

Resolution

68

==========

69

70

Since there is no fixed update from Blackdown and since the flaw only

71

occurs in the applets, the "nsplugin" USE flag has been masked in the

72

portage tree. Emerge the ebuild again in order to fix the

73

vulnerability. Another solution is to switch to another Java

74

implementation such as the Sun implementation (dev-java/sun-jdk and

75

dev-java/sun-jre-bin).

76

77

    # emerge --sync

78

    # emerge --ask --oneshot --verbose "dev-java/blackdown-jdk"

79

    # emerge --ask --oneshot --verbose "dev-java/blackdown-jre"

80

81

References

82

==========

83

84

  [ 1 ] CVE-2006-6731

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731

86

  [ 2 ] CVE-2006-6736

87

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736

88

  [ 3 ] CVE-2006-6737

89

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737

90

  [ 4 ] CVE-2006-6745

91

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745

92

93

Availability

94

============

95

96

This GLSA and any updates to it are available for viewing at

97

the Gentoo Security Website:

98

99

  http://security.gentoo.org/glsa/glsa-200705-20.xml

100

101

Concerns?

102

=========

103

104

Security is a primary focus of Gentoo Linux and ensuring the

105

confidentiality and security of our users machines is of utmost

106

importance to us. Any security concerns should be addressed to

107

security@g.o or alternatively, you may file a bug at

108

http://bugs.gentoo.org.

109

110

License

111

=======

112

113

Copyright 2007 Gentoo Foundation, Inc; referenced text

114

belongs to its owner(s).

115

116

The contents of this document are licensed under the

117

Creative Commons - Attribution / Share Alike license.

118

119

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200705-20
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: Blackdown Java: Applet privilege escalation
9	Date: May 26, 2007
10	Bugs: #161835
11	ID: 200705-20
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	The Blackdown JDK and the Blackdown JRE suffer from the multiple
19	unspecified vulnerabilities that already affected the Sun JDK and JRE.
20
21	Background
22	==========
23
24	Blackdown provides implementations of the Java Development Kit (JDK)
25	and the Java Runtime Environment (JRE).
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 dev-java/blackdown-jdk < 1.4.2.03-r14 >= 1.4.2.03-r14
34	2 dev-java/blackdown-jre < 1.4.2.03-r14 >= 1.4.2.03-r14
35	-------------------------------------------------------------------
36	2 affected packages on all of their supported architectures.
37	-------------------------------------------------------------------
38
39	Description
40	===========
41
42	Chris Evans has discovered multiple buffer overflows in the Sun JDK and
43	the Sun JRE possibly related to various AWT and font layout functions.
44	Tom Hawtin has discovered an unspecified vulnerability in the Sun JDK
45	and the Sun JRE relating to unintended applet data access. He has also
46	discovered multiple other unspecified vulnerabilities in the Sun JDK
47	and the Sun JRE allowing unintended Java applet or application resource
48	acquisition. Additionally, a memory corruption error has been found in
49	the handling of GIF images with zero width field blocks.
50
51	Impact
52	======
53
54	An attacker could entice a user to run a specially crafted Java applet
55	or application that could read, write, or execute local files with the
56	privileges of the user running the JVM, access data maintained in other
57	Java applets, or escalate the privileges of the currently running Java
58	applet or application allowing for unauthorized access to system
59	resources.
60
61	Workaround
62	==========
63
64	Disable the "nsplugin" USE flag in order to prevent web applets from
65	being run.
66
67	Resolution
68	==========
69
70	Since there is no fixed update from Blackdown and since the flaw only
71	occurs in the applets, the "nsplugin" USE flag has been masked in the
72	portage tree. Emerge the ebuild again in order to fix the
73	vulnerability. Another solution is to switch to another Java
74	implementation such as the Sun implementation (dev-java/sun-jdk and
75	dev-java/sun-jre-bin).
76
77	# emerge --sync
78	# emerge --ask --oneshot --verbose "dev-java/blackdown-jdk"
79	# emerge --ask --oneshot --verbose "dev-java/blackdown-jre"
80
81	References
82	==========
83
84	[ 1 ] CVE-2006-6731
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6731
86	[ 2 ] CVE-2006-6736
87	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6736
88	[ 3 ] CVE-2006-6737
89	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6737
90	[ 4 ] CVE-2006-6745
91	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6745
92
93	Availability
94	============
95
96	This GLSA and any updates to it are available for viewing at
97	the Gentoo Security Website:
98
99	http://security.gentoo.org/glsa/glsa-200705-20.xml
100
101	Concerns?
102	=========
103
104	Security is a primary focus of Gentoo Linux and ensuring the
105	confidentiality and security of our users machines is of utmost
106	importance to us. Any security concerns should be addressed to
107	security@g.o or alternatively, you may file a bug at
108	http://bugs.gentoo.org.
109
110	License
111	=======
112
113	Copyright 2007 Gentoo Foundation, Inc; referenced text
114	belongs to its owner(s).
115
116	The contents of this document are licensed under the
117	Creative Commons - Attribution / Share Alike license.
118
119	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce