Category:   Application (Generic)  >   Oracle Java SE
Vendors:   Sun
Sun JRE XSLT Processor Error Lets Remote Applets Gain Elevated Privileges
SecurityTracker Alert ID:  1011661
SecurityTracker URL:  http://securitytracker.com/id/1011661
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 13 2004
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 1.4.2_04 and prior versions, 1.4.1_07 and prior versions, and 1.4.0_04 and prior versions
Description:   A vulnerability was reported in the XSLT processor in Sun's Java Runtime Environment (JRE). An applet can obtain elevated privileges.

In August 2004, Sun reported that the JRE XSLT processor allows a remote untrusted applet to read data from another applet that is being processed using the XSLT processor. The untrusted applet may be able to obtain elevated privileges.

Sun credits Marc Schoenefeld with reporting this flaw.

Impact:   An untrusted applet may be able to obtain elevated privileges.
Solution:   Sun has issued the following fixes:

Windows Production Release

SDK and JRE 1.4.2_05 or later

Solaris Operating Environment Production Release

SDK and JRE 1.4.2_05 or later

Linux Production Release

SDK and JRE 1.4.2_05 or later

The fixes are available at:

http://java.sun.com/j2se/

Vendor URL:  sunsolve.sun.com/search/document.do?assetkey=1-26-57613-1
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 13 2004 (HP Issues Fix for HP-UX) Sun JRE XSLT Processor Error Lets Remote Applets Gain Elevated Privileges
HP has issued a fix.



 Source Message Contents

Subject:  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57613


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57613

57613   Java Runtime Environment May Allow Untrusted Applets to Escalate Privileges   2 Aug 2004

Sun reported that the XSLT processor in the Java Runtime Environment (JRE) allows a remote 
untrusted applet to read data from another applet that is being processed using the XSLT 
processor.  The untrusted applet may be able to obtain elevated privileges.

Sun credits Marc Schoenefeld with reporting this flaw.

The following versions are affected:

Windows Production Releases

SDK and JRE 1.4.2_04 or earlier
SDK and JRE 1.4.1_07 or earlier
SDK and JRE 1.4.0_04 or earlier

Solaris Operating Environment Production Releases

SDK and JRE 1.4.2_04 or earlier
SDK and JRE 1.4.1_07 or earlier
SDK and JRE 1.4.0_04 or earlier

Linux Production Releases

SDK and JRE 1.4.2_04 or earlier
SDK and JRE 1.4.1_07 or earlier
SDK and JRE 1.4.0_04 or earlier

Sun indicates SDK and JRE releases for Windows, Solaris, and Linux prior to version 1.4.0 
are not affected.

Sun has issued the following fixes:

Windows Production Release

SDK and JRE 1.4.2_05 or later

Solaris Operating Environment Production Release

SDK and JRE 1.4.2_05 or later

Linux Production Release

SDK and JRE 1.4.2_05 or later

The fixes are available at:

http://java.sun.com/j2se/

-----

Sun(sm) Alert Notification
Sun Alert ID: 57613
Synopsis: Java Runtime Environment May Allow Untrusted Applets to Escalate Privileges
Category: Security
Product: Java JRE/SDK
BugIDs: 5020333, 4954066
Avoidance: Upgrade
State: Resolved
Date Released: 02-Aug-2004
Date Closed: 02-Aug-2004
Date Modified:
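
As an added example (not part of the Sun alert or of SecurityTracker's entry), the affected and fixed release lists above can be turned into an inventory check over `java -version` banner strings. The host names and banners are constructed sample data, and releases the alert does not mention, such as 1.4.1_08, are reported as "not listed" rather than guessed.

```python
import re

# Bounds taken from the alert text: release line -> last affected update number.
AFFECTED = {(1, 4, 2): 4, (1, 4, 1): 7, (1, 4, 0): 4}
FIXED_FROM = ((1, 4, 2), 5)   # "SDK and JRE 1.4.2_05 or later"

# Finds a version such as 1.4.2_04 inside a banner like: java version "1.4.2_04"
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse(text):
    """Return ((major, minor, micro), update), or None if no version is present."""
    m = VERSION.search(text)
    if m is None:
        return None
    major, minor, micro = (int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0   # "1.4.0" means update 0
    return (major, minor, micro), update


def classify(text):
    """Map one banner or bare version string to a status per the alert."""
    parsed = parse(text)
    if parsed is None:
        return "unparsed"
    line, update = parsed
    if line < (1, 4, 0):
        return "not affected"   # alert: releases prior to 1.4.0 are not affected
    if (line, update) >= FIXED_FROM:
        return "fixed"
    if line in AFFECTED and update <= AFFECTED[line]:
        return "affected"
    return "not listed"         # the alert names this release as neither affected nor fixed


# Constructed sample inventory: host name -> first line of `java -version` output.
INVENTORY = {
    "build-01": 'java version "1.4.2_04"',
    "web-02": 'java version "1.4.2_05"',
    "kiosk-03": 'java version "1.4.1_07"',
    "legacy-04": 'java version "1.3.1_09"',
    "app-05": 'java version "1.4.1_08"',
}


def audit(inventory):
    """Classify every host in the inventory."""
    return {host: classify(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, status in sorted(audit(INVENTORY).items()):
        print(f"{host:10} {status}")
```

Hosts reported as "not listed" need a manual decision, since the alert only names 1.4.2_05 or later as the fix.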



 
 

