[原创] Java实时环境多个权限提升漏洞

主题	好友	1936 积分

金牌会员

发消息

发表于 2010-1-19 13:01:02 |显示全部楼层

BUGTRAQ ID: 15615
CNCAN ID:CNCAN-2005113020

漏洞消息时间:2005-11-29

影响系统
Sun SDK (Windows Production Release) 1.4.2 _08
Sun SDK (Windows Production Release) 1.4.2 _05
Sun SDK (Windows Production Release) 1.4.2 _04
Sun SDK (Windows Production Release) 1.4.2 _03
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.1 _03
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
Sun SDK (Windows Production Release) 1.4 .0_4
Sun SDK (Windows Production Release) 1.4 .0_03
Sun SDK (Windows Production Release) 1.4 .0_02
Sun SDK (Windows Production Release) 1.4 .0_01
Sun SDK (Windows Production Release) 1.4
Sun SDK (Windows Production Release) 1.3.1 _15
Sun SDK (Windows Production Release) 1.3.1 _14
Sun SDK (Windows Production Release) 1.3.1 _13
Sun SDK (Windows Production Release) 1.3.1 _12
Sun SDK (Windows Production Release) 1.3.1 _11
Sun SDK (Windows Production Release) 1.3.1 _10
Sun SDK (Windows Production Release) 1.3.1 _09
Sun SDK (Windows Production Release) 1.3.1 _08
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.3 .0_05
Sun SDK (Windows Production Release) 1.3 .0_02
Sun SDK (Windows Production Release) 1.3 .0_02
Sun SDK (Solaris Production Release) 1.4.2 _08
Sun SDK (Solaris Production Release) 1.4.2 _05
Sun SDK (Solaris Production Release) 1.4.2 _04
Sun SDK (Solaris Production Release) 1.4.2 _03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4 .0_4
Sun SDK (Solaris Production Release) 1.4 .0_03
Sun SDK (Solaris Production Release) 1.4 .0_02
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Solaris Production Release) 1.3.1 _15
Sun SDK (Solaris Production Release) 1.3.1 _14
Sun SDK (Solaris Production Release) 1.3.1 _13
Sun SDK (Solaris Production Release) 1.3.1 _12
Sun SDK (Solaris Production Release) 1.3.1 _11
Sun SDK (Solaris Production Release) 1.3.1 _10
Sun SDK (Solaris Production Release) 1.3.1 _09
Sun SDK (Solaris Production Release) 1.3.1 _08
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.3 _05
Sun SDK (Solaris Production Release) 1.3 _02
Sun SDK (Solaris Production Release) 1.3 .0_02
Sun SDK (Solaris Production Release) 1.3
Sun SDK (Linux Production Release) 1.4.2 _08
Sun SDK (Linux Production Release) 1.4.2 _05
Sun SDK (Linux Production Release) 1.4.2 _04
Sun SDK (Linux Production Release) 1.4.2 _03
Sun SDK (Linux Production Release) 1.4.2 _02
Sun SDK (Linux Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Linux Production Release) 1.4 .0_4
Sun SDK (Linux Production Release) 1.4 .0_03
Sun SDK (Linux Production Release) 1.4 .0_02
Sun SDK (Linux Production Release) 1.4
Sun SDK (Linux Production Release) 1.3.1 _15
Sun SDK (Linux Production Release) 1.3.1 _14
Sun SDK (Linux Production Release) 1.3.1 _13
Sun SDK (Linux Production Release) 1.3.1 _12
Sun SDK (Linux Production Release) 1.3.1 _11
Sun SDK (Linux Production Release) 1.3.1 _10
Sun SDK (Linux Production Release) 1.3.1 _09
Sun SDK (Linux Production Release) 1.3.1 _08
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.3 _05
Sun SDK (Linux Production Release) 1.3 _02
Sun SDK (Linux Production Release) 1.3 .0_02
Sun JDK (Windows Production Release) 1.5 .0_03
Sun JDK (Solaris Production Release) 1.5 .0_03
Sun JDK (Linux Production Release) 1.5 .0_03
Sun Java 2 Runtime Environment 1.5 .0_03
Sun Java 2 Runtime Environment 1.5 .0_02
Sun Java 2 Runtime Environment 1.5 .0_01
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.4.2 _08
Sun Java 2 Runtime Environment 1.4.2 _07
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.4.2
Sun Java 2 Runtime Environment 1.4.1
Sun Java 2 Runtime Environment 1.3.1 _15
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _04
Sun Java 2 Runtime Environment 1.3.1 _01a
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 1.3.1
Sun Java 2 Runtime Environment 1.3 0_05
Sun Java 2 Runtime Environment 1.3 0_04
Sun Java 2 Runtime Environment 1.3 0_03
Sun Java 2 Runtime Environment 1.3 0_02
Sun Java 2 Runtime Environment 1.3 0_01
Sun Java 2 Runtime Environment 1.3 .0

危害
远程攻击者可以利用漏洞读写系统本地文件或可能执行任意应用程序。

攻击所需条件
攻击者必须构建恶意Applet，诱使用户处理。

漏洞信息
Sun JRE是一款JAVA运行库。
Sun JRE存在多个权限提升问题，远程攻击者可以利用漏洞读写系统本地文件或可能执行任意应用程序。
构建恶意Applet，诱使用户处理，可触发此问题，目前没有详细漏洞细节提供。

厂商解决方案
可参考如下链接获得补丁信息：
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1

漏洞提供者
Adam Gowdiak.

漏洞消息链接
http://www.securityfocus.com/bid/15615

漏洞消息标题
Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities

使用道具举报

返回列表

		自动登录	找回密码
密码			注册会员

[原创] Java实时环境多个权限提升漏洞

快速发帖