Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is missing Security Update 2005-002. This security
update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to
escalate privileges, through JavaScript calling into Java code,
including reading and writing files with the privileges of the user
running the applet. Releases prior to Java 1.4.2 on Mac OS X are not
affected by this vulnerability.

See also :

http://support.apple.com/kb/TA22931

Solution :

Install Security Update 2005-002.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 17195 (macosx_SecUpd2005-002.nasl)

Bugtraq ID: 11726

CVE ID: CVE-2004-1029

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial