Vulnerability of Java Web Start: privilege elevation via JNLP

Synthesis of the vulnerability

A malicious applet can access local files on the victim's computer via Java Web Start.
Vulnerable software: Java Oracle, RHEL.
Severity of this announcement: 3/4.
Creation date: 02/05/2007.
References of this computer vulnerability: 102881, 6461918, BID-23728, CERTA-2007-AVI-238, CERTA-2007-AVI-348, CVE-2007-2435, RHSA-2007:0817-01, RHSA-2007:0818-01, RHSA-2007:0829-01, RHSA-2008:0261-01, RHSA-2008:0524-01, VIGILANCE-VUL-6775.

Description of the vulnerability

The JNLP protocol (Java Network Launching Protocol) allows remote applets to be launched without a local installation.

A vulnerability was announced in the JNLP support provided by Java Web Start. It permits a malicious applet to grant itself permissions to read or write files located on the victim's computer.

This security vulnerability impacts software or systems such as Java Oracle, RHEL.

Our Vigil@nce team determined that the severity of this vulnerability bulletin is important.

The trust level is "confirmed by the editor (vendor)", with the origin being a vendor document.

An attacker needs expert-level skill to exploit this vulnerability.

Solutions for this threat

Java JDK/JRE: version 5.0 Update 11.
Version 5.0 Update 11 is corrected:
    * http://java.sun.com/j2se/1.5.0/download.jsp
    * Solaris: J2SE 5.0: update 11 (patch 118666-11)
    * Solaris: J2SE 5.0: update 11 (patch 118667-11 - 64bit)
    * Solaris: J2SE 5.0_x86: update 11 (patch 118668-11)
    * Solaris: J2SE 5.0_x86: update 11 (patch 118669-11 - 64bit)
It is recommended to uninstall previous versions:
  http://java.com/en/download/help/uninstall_java.xml

Java SDK/JRE: version 1.4.2_14.
Version 1.4.2_14 is corrected:
  http://java.sun.com/j2se/1.4.2/download.html
It is recommended to uninstall previous versions:
  http://java.com/en/download/help/uninstall_java.xml
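The two corrected Sun releases above (J2SE 5.0 Update 11, i.e. the 1.5.0_11 release string, and J2SE 1.4.2_14) can be compared against what a host actually reports. The script below is an added example written for this page; it is not part of the Vigil@nce bulletin or of Sun's or Red Hat's tooling. It takes the first line of `java -version` output as its argument (sample strings in the usage comments are constructed), parses the release family and update number, and reports whether the installed release is at or above the fixed one. Release families the bulletin does not name (for example 1.6.0) are reported as "unknown" rather than guessed.

```shell
#!/bin/sh
# Added example (not from the Vigil@nce bulletin): compare a Java release
# string with the corrected releases named in the Solutions section:
#   J2SE 5.0 Update 11  ->  release string 1.5.0_11
#   J2SE 1.4.2_14       ->  release string 1.4.2_14
# Prints "fixed", "vulnerable", "unknown" or "unparseable" and returns
# 0, 1, 2, 2 respectively, so it can drive an inventory script.
#
# Usage (constructed sample inputs):
#   java_fix_status 'java version "1.5.0_10"'          -> vulnerable (rc 1)
#   java_fix_status 'java version "1.5.0_11"'          -> fixed      (rc 0)
#   java_fix_status "$(java -version 2>&1 | head -n 1)" # on a live host
java_fix_status() {
    # Split "1.5.0_10" into family "1.5.0" and update "10". A bare "1.5.0"
    # with no update suffix is treated as update 0 (the original release).
    family=$(printf '%s\n' "$1" | sed -n 's/.*"\([0-9][0-9.]*\)\(_[0-9]*\)\{0,1\}".*/\1/p')
    update=$(printf '%s\n' "$1" | sed -n 's/.*"[0-9][0-9.]*_\([0-9]*\)".*/\1/p')
    [ -z "$family" ] && { echo "unparseable"; return 2; }
    update=${update:-0}

    # Minimum update level per family, from the bulletin's Solutions section.
    case "$family" in
        1.5.0) need=11 ;;   # J2SE 5.0 Update 11
        1.4.2) need=14 ;;   # J2SE 1.4.2_14
        *)     echo "unknown"; return 2 ;;   # family not covered by this bulletin
    esac

    if [ "$update" -ge "$need" ]; then
        echo "fixed"; return 0
    else
        echo "vulnerable"; return 1
    fi
}
```

The check only looks at the Sun release string; IBM builds shipped through RHEL carry their own RPM versions (listed below) and are better verified with `rpm -q` against the package names given there.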

Red Hat Network Satellite Server: version 5.0.2.
Version 5.0.2 is corrected.

RHEL 3AS, 4AS: new java, apache, modperl, modssl packages.
New packages are available:
Red Hat Network Satellite Server 4.2 (RHEL v.3 AS):
i386:
jabberd-2.0s10-3.37.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el3.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el3.i386.rpm
openmotif21-2.1.30-9.RHEL3.8.i386.rpm
openmotif21-debuginfo-2.1.30-9.RHEL3.8.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel3.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel3.i386.rpm
rhn-modperl-1.29-16.rhel3.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel3.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el3.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm
Red Hat Network Satellite Server 4.2 (RHEL v.4 AS):
i386:
jabberd-2.0s10-3.38.rhn.i386.rpm
java-1.4.2-ibm-1.4.2.10-1jpp.2.el4.i386.rpm
java-1.4.2-ibm-devel-1.4.2.10-1jpp.2.el4.i386.rpm
openmotif21-2.1.30-11.RHEL4.6.i386.rpm
openmotif21-debuginfo-2.1.30-11.RHEL4.6.i386.rpm
rhn-apache-1.3.27-36.rhn.rhel4.i386.rpm
rhn-modjk-ap13-1.2.23-2rhn.rhel4.i386.rpm
rhn-modperl-1.29-16.rhel4.i386.rpm
rhn-modssl-2.8.12-8.rhn.10.rhel4.i386.rpm
noarch:
jfreechart-0.9.20-3.rhn.noarch.rpm
perl-Crypt-CBC-2.24-1.el4.noarch.rpm
tomcat5-5.0.30-0jpp_10rh.noarch.rpm

RHEL 4, 5: new java-1.5.0-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 4: java-1.5.0-ibm-1.5.0.5-1jpp.2.el4
Red Hat Enterprise Linux version 5: java-1.5.0-ibm-1.5.0.5-1jpp.0.1.el5

RHEL Extras 3, 4, 5: new java-1.4.2-ibm packages.
New packages are available:
Red Hat Enterprise Linux version 3 Extras: java-1.4.2-ibm-1.4.2.9-1jpp.1.el3
Red Hat Enterprise Linux version 4 Extras: java-1.4.2-ibm-1.4.2.9-1jpp.1.el4
RHEL Desktop Supplementary version 5: java-1.4.2-ibm-1.4.2.9-1jpp.1.el5

RHEL Extras 4: new java-1.5.0-sun packages.
New packages are available:
Red Hat Enterprise Linux version 4 Extras: java-1.5.0-sun-1.5.0.12-1jpp.2.el4
