VID 28095
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description Based on its reported version number, the Sun JRE Java Plug-in is affected by a security restriction bypass vulnerability. The Java Plug-in is part of the Java 2 Runtime Environment (JRE) and provides the framework for running Java applets within a web browser. Sun Microsystems Java Runtime Environment (JRE) and Software Development Kit (SDK) versions 1.4.2_05 and earlier, 1.4.1, 1.4.0, and 1.3.1_12 and earlier could allow a malicious applet to bypass restrictions on access to private Java packages. Java's built-in security framework is designed to prevent access to private Java packages that are used internally by the Java Virtual Machine (JVM). When a Java applet attempts to access one of these packages, an AccessControlException is thrown, indicating that the requested access is denied. However, a flaw in the security framework fails to prevent access to these private Java packages via JavaScript code. If a victim browses with a browser that runs the vulnerable Java Virtual Machine (VM), a remote attacker could create a malicious website containing JavaScript code that exploits this vulnerability to bypass the restrictions and execute arbitrary code with the privileges of the user.

* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://www.kb.cert.org/vuls/id/760344
http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1

* Platforms Affected:
Sun Microsystems, Sun JRE 1.3.1_12 and earlier
Sun Microsystems, Sun JRE 1.4.0
Sun Microsystems, Sun JRE 1.4.1
Sun Microsystems, Sun JRE 1.4.2_05 and earlier
Sun Microsystems, Sun SDK 1.3.1_12 and earlier
Sun Microsystems, Sun SDK 1.4.0
Sun Microsystems, Sun SDK 1.4.1
Sun Microsystems, Sun SDK 1.4.2_05 and earlier
Microsoft Windows Any version
Red Hat, Inc., Red Hat Enterprise Linux 2.1AS, 2.1ES, 2.1WS, 3AS, 3ES, 3WS
Sun Microsystems, Solaris 7, 8, 9
SuSE Linux 8.0, 8.2, 9.0
SuSE Linux Desktop (SLD) 8
SuSE Linux Enterprise Server 8, 9
Recommendation Upgrade to the latest version of Sun JRE/SDK (1.4.2_06 or 1.3.1_13 or later), available from the Sun Microsystems, Inc. Web site at http://java.sun.com/j2se/1.4.2/download.html
Related URL CVE-2004-1029 (CVE)
Related URL 11726 (SecurityFocus)
Related URL 18188 (ISS)