Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 96092 - dev-java/sun-jdk- may allow untrusted applet to elevate privileges
Summary: dev-java/sun-jdk- may allow untrusted applet to elevate privileges
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on: 96229
  Show dependency tree
Reported: 2005-06-14 09:20 UTC by Stefan Tittel
Modified: 2005-06-19 12:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Tittel 2005-06-14 09:20:43 UTC
A vulnerability in the Java Runtime Environment provided by dev-java/sun-jdk- may allow an untrusted applet to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

For further details please have a look at the URL specified.

Affected are all Sun 1.4 JDKs <=1.4.2_07, so it hits dev-java/sun-jdk- The actual stable-lead dev-java/sun-jdk- seems to be fine, so removing or hard masking dev-java/sun-jdk- should do the trick.

Also other JDKs like dev-java/blackdown-jdk or dev-java/compaq-jdk might be affected, this should be investigated.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-06-14 12:41:12 UTC
Java please advise also on other Java flavors. 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-06-16 09:04:54 UTC is released and stable on the right platforms. I would say this is
ready for a common GLSA with bug 96229.
Comment 3 Jan Brinkmann (RETIRED) gentoo-dev 2005-06-16 10:03:33 UTC
removed the vulnerable version
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2005-06-19 12:02:46 UTC
GLSA 200506-14