CVE-2005-1974
CVSS 5.1
Published: 2005-06-16 00:00:00
Last revised: 2016-10-17 23:23:42

[Original] Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.


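[CNNVD] Sun Java Standard Edition Unspecified Privilege Escalation Vulnerability (CNNVD-200506-166)

        An unspecified vulnerability exists in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1, and J2SE 1.4.2 through 1.4.2_07. When used in multiple products and platforms, including (1) HP-UX and (2) APC PowerChute, applications can exploit this vulnerability to assign permissions to themselves and gain privileges.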

- CVSS (Base Score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:sun:j2se:5.0_update1::sdk
cpe:/a:sun:j2se:1.4.2::sdk
cpe:/a:sun:j2se:1.4.2_02::sdk
cpe:/a:sun:j2se:1.4.2_06::sdk
cpe:/a:sun:j2se:1.4.2_01::sdk
cpe:/a:sun:j2se:1.4.2_03::sdk
cpe:/a:sun:j2se:1.4.2_05::sdk
cpe:/a:sun:j2se:1.4.2_04::sdk
cpe:/a:sun:j2se:1.4.2_07::sdk
cpe:/a:sun:j2se:5.0::sdk

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1974
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1974
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-166
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=112861772130119&w=2
(UNKNOWN)  HP  SSRT051004
http://marc.info/?l=bugtraq&m=112992075412844&w=2
(UNKNOWN)  HP  SSRT051052
http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638
(UNKNOWN)  CONFIRM  http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=7638
http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
(UNKNOWN)  CONFIRM  http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
http://securityreason.com/securityalert/56
(UNKNOWN)  SREASON  56
http://securitytracker.com/id?1015643
(UNKNOWN)  SECTRACK  1015643
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101749-1
(VENDOR_ADVISORY)  SUNALERT  101749
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101799-1
(UNKNOWN)  SUNALERT  101799
http://www.novell.com/linux/security/advisories/2005_32_java2.html
(UNKNOWN)  SUSE  SUSE-SA:2005:032
http://www.securityfocus.com/bid/13958
(UNKNOWN)  BID  13958
http://www.vupen.com/english/advisories/2005/2150
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2150

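- Vulnerability Information

Sun Java Standard Edition Unspecified Privilege Escalation Vulnerability
Medium severity  Insufficient information
2005-06-16 00:00:00 2006-06-15 00:00:00
Remote  
        An unspecified vulnerability exists in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1, and J2SE 1.4.2 through 1.4.2_07. When used in multiple products and platforms, including (1) HP-UX and (2) APC PowerChute, applications can exploit this vulnerability to assign permissions to themselves and gain privileges.

- Advisories and Patches

        The vendor has released upgrade patches to fix this security issue. Patch download links: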
        Sun Java 2 Standard Edition SDK 1.4.2
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _03
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _02
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _05
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _07
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _02
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _04
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _06
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _04
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _05
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _01
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _01
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.4.2 _06
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _03
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Standard Edition SDK 1.4.2 _07
        Sun J2SE 1.4.2
        http://java.sun.com/j2se/1.4.2/download.html
        Sun Java 2 Runtime Environment 1.5
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun Java 2 Standard Edition SDK 1.5 _01
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun JRE (Linux Production Release) 1.5 _01
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        Sun Java 2 Standard Edition SDK 1.5
        Sun J2SE 5.0 (1.5.0) Update 2
        http://java.sun.com/j2se/1.5.0/index.jsp
        HP OpenView VantagePoint for HP-UX 6.0
        HP PHSS_33866
        http://itrc.hp.com
        HP OpenView VantagePoint for Solaris 6.0
        HP ITOSOL_00468
        http://itrc.hp.com
        HP OpenView Operations for UNIX 7.0
        HP PHSS_32406
        http://itrc.hp.com
        HP OpenView Operations for Solaris 7.0
        HP ITOSOL_00388
        http://itrc.hp.com
        HP OpenView Operations for UNIX 8.0
        HP PHSS_33627
        http://itrc.hp.com
        HP OpenView Operations for Solaris 8.0
        HP ITOSOL_00451
        http://itrc.hp.com
        

- Vulnerability Information

17340
Sun JRE Untrusted Applet Privilege Escalation
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability Description

Java 2 Platform Standard Edition (J2SE) contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an unspecified flaw, which may allow an untrusted applet to grant itself permissions to read and write arbitrary files and/or execute arbitrary applications, resulting in a loss of integrity.

- Timeline

2005-06-13 Unknown
Unknown Unknown

- Solution

Upgrade to version 5.0 Update 2 or 1.4.2_08 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Sun Java Runtime Environment Unspecified Privilege Escalation Vulnerability
Unknown 13958
Yes No
2005-06-14 12:00:00 2009-07-12 05:56:00
Adam Gowdiak reported this issue to the vendor.

- Affected Software Versions

Sun SDK (Linux Production Release) 1.5 _01
Sun SDK (Linux Production Release) 1.5
Sun SDK (Linux Production Release) 1.4.2 _07
Sun SDK (Linux Production Release) 1.4.2 _06
Sun JRE (Linux Production Release) 1.5 _01
Sun JRE (Linux Production Release) 1.4.2 _07
Sun Java 2 Standard Edition SDK 1.4.2 _05
Sun Java 2 Standard Edition SDK 1.4.2 _04
Sun Java 2 Standard Edition SDK 1.4.2 _03
Sun Java 2 Standard Edition SDK 1.4.2 _02
Sun Java 2 Standard Edition SDK 1.4.2 _01
Sun Java 2 Standard Edition SDK 1.4.2
Sun Java 2 Runtime Environment 1.5
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.4.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Novell Linux Desktop 9
HP OpenView VantagePoint for Solaris 6.0
HP OpenView VantagePoint for HP-UX 6.0
HP OpenView Operations for UNIX 8.0
HP OpenView Operations for UNIX 7.0
HP OpenView Operations for Solaris 8.0
HP OpenView Operations for Solaris 7.0
HP HP-UX 11.11
HP HP-UX 11.0
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Gentoo Linux
Conectiva Linux 10.0
Blackdown Java 2 Standard Edition SDK 1.4.2 -01
Blackdown Java 2 Standard Edition SDK 1.4.2
Blackdown Java 2 Standard Edition SDK 1.4.1
Blackdown Java 2 Runtime Environment 1.4.2 -01
Blackdown Java 2 Runtime Environment 1.4.2
Blackdown Java 2 Runtime Environment 1.4.1
APC PowerChute Network Shutdown 2.2.1
Sun SDK (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.4.2 _08
Sun Java 2 Standard Edition SDK 1.4.2 _08
Blackdown Java 2 Standard Edition SDK 1.4.2 -02
Blackdown Java 2 Runtime Environment 1.4.2 -02

- Unaffected Software Versions

Sun SDK (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.4.2 _08
Sun Java 2 Standard Edition SDK 1.4.2 _08
Blackdown Java 2 Standard Edition SDK 1.4.2 -02
Blackdown Java 2 Runtime Environment 1.4.2 -02

- Vulnerability Discussion

Sun Java Runtime Environment is susceptible to an unspecified privilege-escalation vulnerability.

This vulnerability allows remote, untrusted Java applications to gain elevated privileges. This allows them to read or write local files or to execute arbitrary local applications. These actions are normally forbidden for untrusted applications running in the Java virtual machine.

Further details are not available at this time. This BID will be updated as more information is disclosed.

NOTE: Reports from Harry Johnston indicate that the OraClient 10g component of Oracle Database Server 10g incorporates a vulnerable version of the Java Runtime Environment and is therefore vulnerable to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution



Please see the referenced vendor advisories for details on obtaining and installing updates.


Sun Java 2 Standard Edition SDK 1.4.2

Sun Java 2 Runtime Environment 1.4.2 _03

Sun Java 2 Standard Edition SDK 1.4.2 _02

Sun Java 2 Runtime Environment 1.4.2

Sun Java 2 Standard Edition SDK 1.4.2 _05

Sun JRE (Linux Production Release) 1.4.2 _07

Sun Java 2 Runtime Environment 1.4.2 _02

Sun Java 2 Runtime Environment 1.4.2 _04

Sun SDK (Linux Production Release) 1.4.2 _06

Sun Java 2 Standard Edition SDK 1.4.2 _04

Sun Java 2 Runtime Environment 1.4.2 _05

Sun Java 2 Standard Edition SDK 1.4.2 _01

Sun Java 2 Runtime Environment 1.4.2 _01

Sun Java 2 Runtime Environment 1.4.2 _06

Sun Java 2 Standard Edition SDK 1.4.2 _03

Sun SDK (Linux Production Release) 1.4.2 _07

Sun Java 2 Runtime Environment 1.5

Sun SDK (Linux Production Release) 1.5 _01

Sun JRE (Linux Production Release) 1.5 _01

Sun SDK (Linux Production Release) 1.5

HP OpenView VantagePoint for HP-UX 6.0

HP OpenView VantagePoint for Solaris 6.0

HP OpenView Operations for UNIX 7.0

HP OpenView Operations for Solaris 7.0

HP OpenView Operations for UNIX 8.0

HP OpenView Operations for Solaris 8.0

- Related References

 

 
