Java实时环境多个权限提升漏洞

首页	安全动态	IT新闻	安全人物	本站动态	漏洞公告	病毒警报	木马预警
流氓软件	漏洞分析	入侵检测	升级补丁	安全配置	信道安全	设备安全	协议安全
WEB安全	病毒分析	木马研究	脚本注入	后门探讨	技术应用	数据安全	企业专区

收藏本站

设为首页

Java实时环境多个权限提升漏洞

作者：佚名文章来源：不详点击数：更新时间：2007-1-25 11:41:10

发布时间：2005-11-30 15:02:39
文章作者：ADLab
文章来源：启明星辰

BUGTRAQ ID: 15615
CNCAN ID:CNCAN-2005113020

漏洞消息时间:2005-11-29

影响系统
Sun SDK (Windows Production Release) 1.4.2 _08
Sun SDK (Windows Production Release) 1.4.2 _05
Sun SDK (Windows Production Release) 1.4.2 _04
Sun SDK (Windows Production Release) 1.4.2 _03
Sun SDK (Windows Production Release) 1.4.2
Sun SDK (Windows Production Release) 1.4.1 _03
Sun SDK (Windows Production Release) 1.4.1 _02
Sun SDK (Windows Production Release) 1.4.1 _01
Sun SDK (Windows Production Release) 1.4.1
Sun SDK (Windows Production Release) 1.4 .0_4
Sun SDK (Windows Production Release) 1.4 .0_03
Sun SDK (Windows Production Release) 1.4 .0_02
Sun SDK (Windows Production Release) 1.4 .0_01
Sun SDK (Windows Production Release) 1.4
Sun SDK (Windows Production Release) 1.3.1 _15
Sun SDK (Windows Production Release) 1.3.1 _14
Sun SDK (Windows Production Release) 1.3.1 _13
Sun SDK (Windows Production Release) 1.3.1 _12
Sun SDK (Windows Production Release) 1.3.1 _11
Sun SDK (Windows Production Release) 1.3.1 _10
Sun SDK (Windows Production Release) 1.3.1 _09
Sun SDK (Windows Production Release) 1.3.1 _08
Sun SDK (Windows Production Release) 1.3.1 _07
Sun SDK (Windows Production Release) 1.3.1 _06
Sun SDK (Windows Production Release) 1.3.1 _05
Sun SDK (Windows Production Release) 1.3.1 _04
Sun SDK (Windows Production Release) 1.3.1 _03
Sun SDK (Windows Production Release) 1.3.1 _02
Sun SDK (Windows Production Release) 1.3.1 _01a
Sun SDK (Windows Production Release) 1.3 .0_05
Sun SDK (Windows Production Release) 1.3 .0_02
Sun SDK (Windows Production Release) 1.3 .0_02
Sun SDK (Solaris Production Release) 1.4.2 _08
Sun SDK (Solaris Production Release) 1.4.2 _05
Sun SDK (Solaris Production Release) 1.4.2 _04
Sun SDK (Solaris Production Release) 1.4.2 _03
Sun SDK (Solaris Production Release) 1.4.2
Sun SDK (Solaris Production Release) 1.4.1 _03
Sun SDK (Solaris Production Release) 1.4.1 _02
Sun SDK (Solaris Production Release) 1.4.1 _01
Sun SDK (Solaris Production Release) 1.4.1
Sun SDK (Solaris Production Release) 1.4 .0_4
Sun SDK (Solaris Production Release) 1.4 .0_03
Sun SDK (Solaris Production Release) 1.4 .0_02
Sun SDK (Solaris Production Release) 1.4
Sun SDK (Solaris Production Release) 1.3.1 _15
Sun SDK (Solaris Production Release) 1.3.1 _14
Sun SDK (Solaris Production Release) 1.3.1 _13
Sun SDK (Solaris Production Release) 1.3.1 _12
Sun SDK (Solaris Production Release) 1.3.1 _11
Sun SDK (Solaris Production Release) 1.3.1 _10
Sun SDK (Solaris Production Release) 1.3.1 _09
Sun SDK (Solaris Production Release) 1.3.1 _08
Sun SDK (Solaris Production Release) 1.3.1 _07
Sun SDK (Solaris Production Release) 1.3.1 _06
Sun SDK (Solaris Production Release) 1.3.1 _05
Sun SDK (Solaris Production Release) 1.3.1 _03
Sun SDK (Solaris Production Release) 1.3.1 _02
Sun SDK (Solaris Production Release) 1.3.1 _01
Sun SDK (Solaris Production Release) 1.3 _05
Sun SDK (Solaris Production Release) 1.3 _02
Sun SDK (Solaris Production Release) 1.3 .0_02
Sun SDK (Solaris Production Release) 1.3
Sun SDK (Linux Production Release) 1.4.2 _08
Sun SDK (Linux Production Release) 1.4.2 _05
Sun SDK (Linux Production Release) 1.4.2 _04
Sun SDK (Linux Production Release) 1.4.2 _03
Sun SDK (Linux Production Release) 1.4.2 _02
Sun SDK (Linux Production Release) 1.4.2 _01
Sun SDK (Linux Production Release) 1.4.2
Sun SDK (Linux Production Release) 1.4.1 _03
Sun SDK (Linux Production Release) 1.4.1 _02
Sun SDK (Linux Production Release) 1.4.1 _01
Sun SDK (Linux Production Release) 1.4.1
Sun SDK (Linux Production Release) 1.4 .0_4
Sun SDK (Linux Production Release) 1.4 .0_03
Sun SDK (Linux Production Release) 1.4 .0_02
Sun SDK (Linux Production Release) 1.4
Sun SDK (Linux Production Release) 1.3.1 _15
Sun SDK (Linux Production Release) 1.3.1 _14
Sun SDK (Linux Production Release) 1.3.1 _13
Sun SDK (Linux Production Release) 1.3.1 _12
Sun SDK (Linux Production Release) 1.3.1 _11
Sun SDK (Linux Production Release) 1.3.1 _10
Sun SDK (Linux Production Release) 1.3.1 _09
Sun SDK (Linux Production Release) 1.3.1 _08
Sun SDK (Linux Production Release) 1.3.1 _07
Sun SDK (Linux Production Release) 1.3.1 _06
Sun SDK (Linux Production Release) 1.3.1 _05
Sun SDK (Linux Production Release) 1.3.1 _03
Sun SDK (Linux Production Release) 1.3.1 _02
Sun SDK (Linux Production Release) 1.3.1 _01
Sun SDK (Linux Production Release) 1.3 _05
Sun SDK (Linux Production Release) 1.3 _02
Sun SDK (Linux Production Release) 1.3 .0_02
Sun JDK (Windows Production Release) 1.5 .0_03
Sun JDK (Solaris Production Release) 1.5 .0_03
Sun JDK (Linux Production Release) 1.5 .0_03
Sun Java 2 Runtime Environment 1.5 .0_03
Sun Java 2 Runtime Environment 1.5 .0_02
Sun Java 2 Runtime Environment 1.5 .0_01
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.4.2 _08
Sun Java 2 Runtime Environment 1.4.2 _07
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.4.2
Sun Java 2 Runtime Environment 1.4.1
Sun Java 2 Runtime Environment 1.3.1 _15
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _04
Sun Java 2 Runtime Environment 1.3.1 _01a
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 1.3.1
Sun Java 2 Runtime Environment 1.3 0_05
Sun Java 2 Runtime Environment 1.3 0_04
Sun Java 2 Runtime Environment 1.3 0_03
Sun Java 2 Runtime Environment 1.3 0_02
Sun Java 2 Runtime Environment 1.3 0_01
Sun Java 2 Runtime Environment 1.3 .0

危害
远程攻击者可以利用漏洞读写系统本地文件或可能执行任意应用程序。

攻击所需条件
攻击者必须构建恶意Applet，诱使用户处理。

漏洞信息
Sun JRE是一款JAVA运行库。
Sun JRE存在多个权限提升问题，远程攻击者可以利用漏洞读写系统本地文件或可能执行任意应用程序。
构建恶意Applet，诱使用户处理，可触发此问题，目前没有详细漏洞细节提供。

厂商解决方案
可参考如下链接获得补丁信息：
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102017-1
http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1

漏洞提供者
Adam Gowdiak.

漏洞消息链接
http://www.securityfocus.com/bid/15615

漏洞消息标题
Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities【转自世纪安全网 http://www.21safe.com】

文章录入：admin 责任编辑：admin

上一篇文章： JSP应用的安全性研究

下一篇文章： J2EE工程实现中常见安全问题解决对策

【字体：小大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】

　网友评论：（只显示最新10条。评论内容只代表网友观点，与本站立场无关！）

苹果发布安全升级文件修
苹果发布安全升级文件修
Sun Java系统服务器嵌入
PHP session.save_path(
Apple Safari javas
Sun Java运行时环境信息
PHP Easy Download file
Apple Safari javas
Sun Java运行时环境信息
PHP Easy Download file

\| 设为首页 \| 加入收藏 \| 联系站长 \| 友情链接 \| 版权申明 \|
Copyright © 2006-2008　www.anquan365.com　安全365 建议使用1024*768分辨率及第三方浏览器对本站进行浏览