FreeBSD : Java 1.7 -- security manager bypass (16846d1e-f1de-11e1-8bd8-0022156e8794)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

US-CERT reports :

Oracle Java Runtime Environment (JRE) 1.7 contains a vulnerability
that may allow an applet to call setSecurityManager in a way that
allows setting of arbitrary permissions.

By leveraging the public, privileged getField() function, an untrusted
Java applet can escalate its privileges by calling the
setSecurityManager() function to allow full privileges, without
requiring code signing.

This vulnerability is being actively exploited in the wild, and
exploit code is publicly available.

This exploit does not only affect Java applets, but every piece of
software that relies on the Java Security Manager for sandboxing
executable code is affected: malicious code can totally disable
Security Manager.

See also :

http://www.nessus.org/u?1add1ebe
http://www.nessus.org/u?c9746b5f
http://www.nessus.org/u?00370937
http://www.nessus.org/u?d423cd32

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 61740 ()

Bugtraq ID:

CVE ID: CVE-2012-4681

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now