Sun SDK/JRE/JDK reflection APIs allows elevated privileges

sun-reflection-api-elevate-privileges (23251) The risk level is classified as HighHigh Risk

Description:

Sun Microsystems Software Development Kit (SDK) and Java Runtime Environment (JRE) could allow a remote attacker to gain elevated privileges, caused by three vulnerabilities when reflection APIs are used in the JRE. A remote attacker could create an untrusted applet, which could then be used to gain elevated privileges and read or write local files or execute arbitrary applications on the system.

Platforms Affected:

  • Gentoo, Linux
  • Sun, J2RE 1.3.0
  • Sun, J2RE 1.3.0_01
  • Sun, J2RE 1.3.0_02
  • Sun, J2RE 1.3.0_03
  • Sun, J2RE 1.3.0_04
  • Sun, J2RE 1.3.0_05
  • Sun, J2RE 1.3.1
  • Sun, J2RE 1.3.1_01
  • Sun, J2RE 1.3.1_01a
  • Sun, J2RE 1.3.1_04
  • Sun, J2RE 1.3.1_08
  • Sun, J2RE 1.3.1_15
  • Sun, J2RE 1.4.1
  • Sun, J2RE 1.4.2
  • Sun, J2RE 1.4.2_01
  • Sun, J2RE 1.4.2_02
  • Sun, J2RE 1.4.2_03
  • Sun, J2RE 1.4.2_04
  • Sun, J2RE 1.4.2_05
  • Sun, J2RE 1.4.2_06
  • Sun, J2RE 1.4.2_07
  • Sun, J2RE 1.4.2_08
  • Sun, J2RE 1.5
  • Sun, J2RE 1.5.0_01
  • Sun, J2RE 1.5.0_02
  • Sun, J2RE 1.5.0_03
  • Sun, JDK 1.5.0 Update3
  • Sun, SDK 1.3.0
  • Sun, SDK 1.3.0_02
  • Sun, SDK 1.3.0_05
  • Sun, SDK 1.3.1_01
  • Sun, SDK 1.3.1_01a
  • Sun, SDK 1.3.1_02
  • Sun, SDK 1.3.1_03
  • Sun, SDK 1.3.1_04
  • Sun, SDK 1.3.1_05
  • Sun, SDK 1.3.1_06
  • Sun, SDK 1.3.1_07
  • Sun, SDK 1.3.1_08
  • Sun, SDK 1.3.1_09
  • Sun, SDK 1.3.1_10
  • Sun, SDK 1.3.1_11
  • Sun, SDK 1.3.1_12
  • Sun, SDK 1.3.1_13
  • Sun, SDK 1.3.1_14
  • Sun, SDK 1.3.1_15
  • Sun, SDK 1.3_02
  • Sun, SDK 1.3_05
  • Sun, SDK 1.4.0
  • Sun, SDK 1.4.0_01
  • Sun, SDK 1.4.0_02
  • Sun, SDK 1.4.0_03
  • Sun, SDK 1.4.0_4
  • Sun, SDK 1.4.1
  • Sun, SDK 1.4.1_01
  • Sun, SDK 1.4.1_02
  • Sun, SDK 1.4.1_03
  • Sun, SDK 1.4.2
  • Sun, SDK 1.4.2_01
  • Sun, SDK 1.4.2_02
  • Sun, SDK 1.4.2_03
  • Sun, SDK 1.4.2_04
  • Sun, SDK 1.4.2_05
  • Sun, SDK 1.4.2_08

Remedy:

Upgrade to the latest version of Sun SDK, JDK and JRE, available from Sun Alert ID: 102003. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-01-10 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Privileges

References:

  • Sun Alert ID: 102003, Security Vulnerabilities in the Java Runtime Environment May Allow an Untrusted Applet to Elevate Its Privileges at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1&searchclause=102003.
  • BID-15615: Sun Java Runtime Environment Multiple Privilege Escalation Vulnerabilities
  • CVE-2005-3905: Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the first issue identified in SUNALERT:102003.
  • CVE-2005-3906: Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the second and third issues identified in SUNALERT:102003.
  • GLSA-200601-10: Sun and Blackdown Java: Applet privilege escalation
  • SA17748: Sun Java JRE Sandbox Security Bypass Vulnerabilities
  • SA18092: IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities
  • SECTRACK ID: 1015280: Sun Java Runtime Environment (JRE) Reflection API Bugs Let Applets Gain Elevated Privileges
  • SUSE-SR:2006:001: SUSE Security Summary Report
  • US-CERT VU#974188: Sun Java Runtime Environment reflection API privilege elevation vulnerabilities
  • VUPEN/ADV-2005-2636: Sun Java JRE and SDK Multiple Sandbox Security Bypass Vulnerabilities
  • VUPEN/ADV-2005-2675: Apple Mac OS X Security Update Fixes Multiple J2SE Vulnerabilities
  • VUPEN/ADV-2005-2946: IBM Java SDK Multiple Sandbox Security Bypass Vulnerabilities

Reported:

Nov 28, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page