SecurityTracker.com
Category:   Application (Generic)  >   Java Plug-in
Vendors:   Sun
(Apple Issues Fix) Sun Java Plug-in Java-to-Javascript Bug Lets Remote Applets Execute Arbitrary Code
SecurityTracker Alert ID:  1013264
SecurityTracker URL:  http://securitytracker.com/id/1013264
CVE Reference:   CAN-2004-1029
Date:  Feb 23 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 1.4.2_06
Description:   iDEFENSE reported a vulnerability in Sun's Java Plug-in. A remote applet can bypass the Java sandbox and execute arbitrary code on the target system.

It is reported that a remote user can create an applet that, when loaded by the target user, exploits a flaw in the plug-in's Java-to-JavaScript bridge (JavaScript calling into Java code) to bypass the plug-in's access controls and load a Java class that untrusted applets are not permitted to use. Once that class is reachable, the applet can read, write, upload and download arbitrary files and execute arbitrary files, all with the privileges of the target user.

Any web browser that uses the plug-in with an affected version of the Java Virtual Machine is vulnerable; the flaw is in the plug-in, not in any particular browser.

The vendor was notified on June 29, 2004.

The original advisory is available at:

http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities

Impact:   A remote user can execute arbitrary code on the target user's system.
Solution:   Apple has released a fix for Mac OS X as part of Security Update 2005-002, available from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c
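The advisory gives two concrete things an administrator can check: the SHA-1 digest of the update package, and the installed Java version relative to the "prior to 1.4.2_06" cut-off. The following script is an added example, not code from SecurityTracker, Apple or Sun. It assumes that one of `sha1sum`, `shasum` or `openssl` is on the PATH, that `java -version` prints a line of the form `java version "1.4.2_05"` (the first line is used), and that the path to the downloaded .dmg is supplied by the caller; the path and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not part of the SecurityTracker or Apple advisory): verify the
# Security Update 2005-002 download against the SHA-1 digest published in the
# advisory, and decide from `java -version` output whether the installed Java
# is still in the affected range ("prior to 1.4.2_06" per the advisory).

EXPECTED_SHA1="a97552dcd6ad73c573154e2a310f09595db4fb4c"   # digest quoted in the advisory
FIXED_VERSION="1.4.2_06"                                     # first non-affected version per the advisory

# Print the SHA-1 of a file with whichever tool is present; fail if none is.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 "$1" | awk '{print $1}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha1 "$1" | awk '{print $NF}'
    else
        return 1
    fi
}

# Succeed only when the file's digest matches the expected one exactly.
verify_digest() {
    actual=$(sha1_of "$1") || return 1
    [ "$actual" = "$2" ]
}

# Extract the quoted version token from a `java -version` line, e.g.
#   java version "1.4.2_05"   ->   1.4.2_05
# (newer JDKs print "openjdk version ...", which the pattern also accepts).
parse_java_version() {
    printf '%s\n' "$1" | sed -n 's/^[a-z]* version "\([^"]*\)".*/\1/p'
}

# Succeed when version $1 is >= version $2. Fields are split on '.' and '_'
# and compared numerically, so 1.4.2_06 > 1.4.2_05 > 1.4.2 (no update level).
version_ge() {
    printf '%s\n%s\n' "$1" "$2" | awk -F'[._]' '
        NR == 1 { for (i = 1; i <= NF; i++) a[i] = $i + 0; na = NF; next }
        NR == 2 { for (i = 1; i <= NF; i++) b[i] = $i + 0; nb = NF }
        END {
            n = (na > nb) ? na : nb
            for (i = 1; i <= n; i++) {
                x = (i in a) ? a[i] : 0
                y = (i in b) ? b[i] : 0
                if (x > y) exit 0
                if (x < y) exit 1
            }
            exit 0
        }'
}

# Succeed if the given version string is at or above the fixed version.
java_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# Stand-alone use: check the downloaded .dmg if a path is given (hypothetical
# argument), then report on the installed JVM. `java -version` writes to stderr.
if [ $# -gt 0 ]; then
    if verify_digest "$1" "$EXPECTED_SHA1"; then
        echo "digest OK: $1"
    else
        echo "digest MISMATCH or unreadable: $1" >&2
    fi
fi
installed=$(java -version 2>&1 | head -n 1)
v=$(parse_java_version "$installed")
if [ -n "$v" ]; then
    if java_is_fixed "$v"; then
        echo "Java $v: not in the affected range"
    else
        echo "Java $v: affected (prior to $FIXED_VERSION)"
    fi
fi
```

The digest only proves that the file on disk is the one the advisory describes; the advisory text itself is authenticated by Apple's PGP signature on the message, so verify that signature before trusting the digest value you compare against. The version test treats a missing update level (1.4.2 alone) as older than any 1.4.2_NN build, which is what "prior to 1.4.2_06" implies.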

Vendor URL:  java.sun.com/
Cause:   Access control error
Underlying OS:   UNIX (OS X)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 22 2004 Sun Java Plug-in Java-to-Javascript Bug Lets Remote Applets Execute Arbitrary Code



Source Message Contents

Date:  Tue, 22 Feb 2005 13:56:33 -0800
Subject:  APPLE-SA-2005-02-22 Security Update 2005-002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-02-22 Security Update 2005-002

Security Update 2005-002 is now available and delivers the following
security enhancement for Java 1.4.2:

CVE-ID:  CAN-2004-1029

Impact:  Updates Java to address an issue where an untrusted applet
could gain elevated privileges and potentially execute arbitrary
code.

Description:  A vulnerability in the Java Plug-in may allow an
untrusted applet to escalate privileges, through JavaScript calling
into Java code, including reading and writing files with the
privileges of the user running the applet. Releases prior to Java
1.4.2 on Mac OS X are not affected by this vulnerability. Further
information is available in Document ID 57591 from Sun's security web
site at http://sunsolve.sun.com/

Security Update 2005-002 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The download file is named: "SecUpd2005-002Pan.dmg"
Its SHA-1 digest is: a97552dcd6ad73c573154e2a310f09595db4fb4c

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/security_pgp.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQEVAwUBQhuqP5yw5owIz4TQAQLeSggAs922mIQhCcw3UytjHLIFCCOUnsNLDjXq
MyZr38ACdaRAiDE4+ZZyec3I0YcV35ByRD6B4tLlvLe09E8xdllO/fzZSS3V5qVB
gOcIQ15cC2+EDt95ADfuiP4cviw3rIjPyMv+HhUgGMb7hdbDNRHUrh+RDUdIzj4y
HY3cvHZnJuz+GuXQqUXhDIwplzS9gy4zmmSVVFWlNjg/3bSlxo230NhZz+9gwWUi
0uIVk6Oo2qXI/F7N2zbdik5VELg0hoThyILRkcvXrdonfLFAU0JG1/6gLOD1nBox
MYt/cHfgQ8gFg2SXKMYas5xm6W2hC5XfIycOIqom53nWZQkCPRNR6Q==
=V4D9
-----END PGP SIGNATURE-----







Copyright 2013, SecurityGlobal.net LLC