Detections
Analytics

GLSA-200506-14 : Sun and Blackdown Java: Applet privilege escalation

medium Nessus Plugin ID 18529

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200506-14 (Sun and Blackdown Java: Applet privilege escalation)

 Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges.
 Impact :

 A remote attacker could embed a malicious Java applet in a web page and entice a victim to view it. This applet can then bypass security restrictions and execute any command or access any file with the rights of the user running the web browser.
 Workaround :

 There are no known workarounds at this time.

Solution

All Sun JDK users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.08' All Sun JRE users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.08' All Blackdown JDK users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.02' All Blackdown JRE users should upgrade to the latest version:
 # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.02' Note to SPARC users: There is no stable secure Blackdown Java for the SPARC architecture. Affected users should remove the package until a SPARC package is released.

See Also

http://www.nessus.org/u?12761df5

http://www.nessus.org/u?476d4cb9

https://security.gentoo.org/glsa/200506-14

Plugin Details

Severity: Medium

ID: 18529

File Name: gentoo_GLSA-200506-14.nasl

Version: 1.16

Type: local

Published: 6/20/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:blackdown-jdk, p-cpe:/a:gentoo:linux:blackdown-jre, p-cpe:/a:gentoo:linux:sun-jdk, p-cpe:/a:gentoo:linux:sun-jre-bin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 6/19/2005

Reference Information

GLSA: 200506-14