Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

This script is Copyright (C) 2005-2011 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a Mac OS X update that fixes a security
issue.

Description :

The remote host is missing Security Update 2005-002. This security
update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to
escalate privileges through JavaScript that calls into Java code. This
includes reading and writing files with the privileges of the user
running the applet. Releases prior to Java 1.4.2 on Mac OS X are not
affected by this vulnerability.

See also :

http://support.apple.com/kb/TA22931

Solution :

Install Security Update 2005-002.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 17195 (macosx_SecUpd2005-002.nasl)

Bugtraq ID: 11726

CVE ID: CVE-2004-1029