(Apple Issues Fix) Sun Java Runtime Environment (JRE) Reflection API Multiple Bugs Let Applets Gain Elevated Privileges
SecurityTracker Alert ID: 1015963
SecurityTracker URL: http://securitytracker.com/id/1015963
CVE Reference: CVE-2006-0614, CVE-2006-0615, CVE-2006-0616, CVE-2006-0617
Date: Apr 19 2006
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): JRE 1.4.2_09 and earlier, JRE 5.0 Update 5 and earlier
Description:
Several vulnerabilities were reported in Sun's Java Runtime Environment. A remote applet may be able to obtain elevated privileges on the target system.
Seven vulnerabilities exist in certain "reflection" APIs in the JRE. A remote, untrusted applet may be able to gain elevated privileges. For example, an applet may be able to obtain permissions to read and write local files or execute local applications with the privileges of the user running the untrusted applet.
Sun credits Adam Gowdiak with reporting some of the vulnerabilities.
Impact:
A remote applet may be able to read, write, or execute files on the target system.
Solution:
Apple has issued a fix (J2SE 5.0 Release 4), available via Software Update or from Apple Downloads.
The Apple advisory is available at:
http://docs.info.apple.com/article.html?artnum=303658
Vendor URL: sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
Cause: Access control error
Underlying OS: UNIX (OS X)
Message History:
This archive entry is a follow-up to the message listed below.