SecurityTracker.com
Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Sun
(Apple Issues Fix for OS X) Sun Java Runtime Environment (JRE) Reflection API Bugs Let Applets Gain Elevated Privileges
SecurityTracker Alert ID:  1015298
SecurityTracker URL:  http://securitytracker.com/id/1015298
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 30 2005
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): SDK and JRE 1.3.1_15 and prior, SDK and JRE 1.4.2_08 and prior, JDK and JRE 5.0 Update 3 and prior
Description:   Several vulnerabilities were reported in Sun's Java Runtime Environment (JRE). A remote applet may be able to gain elevated privileges.

Three vulnerabilities exist in certain "reflection" APIs in the JRE. A remote, untrusted applet may be able to gain elevated privileges. For example, an applet may be able to obtain permissions to read and write local files or execute local applications with the privileges of the user running the untrusted applet.

Sun credits Adam Gowdiak with reporting these vulnerabilities.

Impact:   A remote applet may be able to gain elevated privileges, such as the ability to read or write to files on the target system or execute applications on the target system with the privileges of the user running the applet.
Solution:   Apple issued a fix for Mac OS X v10.4 in Java 1.3.1 & 1.4.2 Release 2 (available since September 13, 2005) and J2SE 5.0 Release 3 (available since November 15, 2005).

The fix is available from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/java2se50release3.html
http://www.apple.com/support/downloads/java131and142release2.html

For Java 1.3.1 & Java 1.4.2:
The download file is named: "Java131and142Release2.dmg"
Its SHA-1 digest is: 9e9f752ff56da7ab13f3b11f40b528c901145019

For J2SE 5.0 Release 3:
The download file is named: "J2SE50Release3.dmg"
Its SHA-1 digest is: c5fe977bd9a2d145e9d122ed80768488c89dcc98

For Mac OS X v10.3.9, the fix is included with Java Security Update (released on September 13, 2005), available from the Software Update pane in System Preferences, or Apple's Software Downloads web site:

http://www.apple.com/support/downloads/javasecurityupdate.html

The download file is named: "JavaSecurityUpdate4.dmg"
Its SHA-1 digest is: b6babb98a98c20bdc7d2ca9b14c56b93ff3813a7

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1
Cause:   Access control error
Underlying OS:  UNIX (macOS/OS X)
Underlying OS Comments:  10.3.9, 10.4.x

Message History:   This archive entry is a follow-up to the message listed below.
Nov 29 2005 Sun Java Runtime Environment (JRE) Reflection API Bugs Let Applets Gain Elevated Privileges



 Source Message Contents

Subject:  APPLE-SA-2005-11-30 J2SE 5.0 Release 3


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-30 J2SE 5.0 Release 3

Available for: Mac OS X v10.4.2 or later with Java 1.3.1 and 1.4.2
Release 2

On November 28, 2005, Sun released Security Alerts #102003, #102050
and #102017.  These alerts describe vulnerabilities that are already
fixed in Mac OS X v10.4 with Java 1.3.1 & 1.4.2 Release 2 and
J2SE 5.0 Release 3.

Java 1.3.1 and 1.4.2 Release 2 have been available since
September 13, 2005.

J2SE 5.0 Release 3 has been available since November 15, 2005.

These may be obtained from the Software Update pane in System
Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/java2se50release3.html
http://www.apple.com/support/downloads/java131and142release2.html

For Java 1.3.1 & Java 1.4.2:
The download file is named:  "Java131and142Release2.dmg"
Its SHA-1 digest is:  9e9f752ff56da7ab13f3b11f40b528c901145019

For J2SE 5.0 Release 3:
The download file is named:  "J2SE50Release3.dmg"
Its SHA-1 digest is:  c5fe977bd9a2d145e9d122ed80768488c89dcc98

For systems running Mac OS X v10.3.9, the Sun alerts are fixed with
Java Security Update, which was released on September 13, 2005.
It is available either from the Software Update pane in System
Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/javasecurityupdate.html

The download file is named:  "JavaSecurityUpdate4.dmg"
Its SHA-1 digest is:  b6babb98a98c20bdc7d2ca9b14c56b93ff3813a7

To determine that your system has the latest Java versions installed,
start Terminal from Finder at Applications/Utilities/Terminal, and
type:

For Mac OS X v10.3.9 and Mac OS X v10.4.2 or later:

/System/Library/Frameworks/JavaVM.framework/Versions/1.3.1/Commands/java -version
You should see:  java version "1.3.1_16"

/System/Library/Frameworks/JavaVM.framework/Versions/1.4.2/Commands/java -version
You should see:  java version "1.4.2_09"

For Mac OS X v10.4.2 or later:

/System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Commands/java -version
You should see:  java version "1.5.0_05"

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/


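The version check described in the source message above can be scripted so that each installed JVM branch is compared against the fixed build the advisory lists for it. This is an added example, not part of Apple's message or the SecurityTracker entry; the function names and the `patched` / `vulnerable` / `unknown` labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a `java -version` banner
# against the fixed builds the advisory lists for each JVM branch.

# Lowest fixed update per branch, from the "You should see" lines above.
fixed_update() {
    case "$1" in
        1.3.1) echo 16 ;;
        1.4.2) echo 9 ;;
        1.5.0) echo 5 ;;
        *) return 1 ;;
    esac
}

# classify_banner BANNER: prints patched, vulnerable or unknown.
classify_banner() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^java version "\([^"]*\)".*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    branch=${ver%%_*}
    case "$ver" in
        *_*) upd=${ver#*_} ;;
        *)   upd=0 ;;              # no update suffix, e.g. "1.4.2"
    esac
    upd=${upd%%[!0-9]*}            # drop any build suffix after the digits
    upd=${upd#"${upd%%[!0]*}"}     # strip leading zeros so "09" compares as 9
    upd=${upd:-0}
    if ! min=$(fixed_update "$branch"); then echo unknown; return 0; fi
    if [ "$upd" -ge "$min" ]; then echo patched; else echo vulnerable; fi
}

# Run the check against the framework paths given in the advisory.
# `java -version` writes its banner to stderr, hence the 2>&1.
check_installed() {
    for v in 1.3.1 1.4.2 1.5.0; do
        java="/System/Library/Frameworks/JavaVM.framework/Versions/$v/Commands/java"
        if [ -x "$java" ]; then
            echo "$v: $(classify_banner "$("$java" -version 2>&1)")"
        fi
    done
}

# Constructed sample banners (not captured from a real system).
for b in 'java version "1.4.2_09"' 'java version "1.5.0_02"'; do
    echo "$b -> $(classify_banner "$b")"
done
check_installed
```

Branches not named in the advisory are reported as `unknown` rather than guessed at; on a system without the listed framework paths `check_installed` prints nothing.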