

c.m.g
16-06-2009, 09:05
15 June 2009

Sun Java Runtime Environment Aqua Look and Feel Multiple Privilege Escalation Vulnerabilities

Security Focus (http://www.securityfocus.com/) reports a security bulletin (Bugtraq ID 35381 (http://www.securityfocus.com/bid/35381/info)) explaining that multiple vulnerabilities have been found in Sun Java Runtime Environment (JRE) that would expose an unsuspecting user's computer to privilege-escalation attacks.

Successful exploitation of the flaws would allow an attacker to execute arbitrary code with high-level privileges on the computer running the JRE.

The flaws have been confirmed in JRE 1.5 on the Mac OS X 10.5 platform.

More specifically:
Sun JRE (Windows Production Release) 1.5 _06
Sun JRE (Windows Production Release) 1.5 _05
Sun JRE (Windows Production Release) 1.5 _04
Sun JRE (Windows Production Release) 1.5 _03
Sun JRE (Windows Production Release) 1.5 _02
Sun JRE (Windows Production Release) 1.5 _01
Sun JRE (Windows Production Release) 1.5
Sun JRE (Windows Production Release) 1.5.0_17
Sun JRE (Windows Production Release) 1.5.0_14
Sun JRE (Windows Production Release) 1.5.0_13
Sun JRE (Windows Production Release) 1.5.0_12
Sun JRE (Windows Production Release) 1.5.0_11
Sun JRE (Windows Production Release) 1.5.0_10
Sun JRE (Windows Production Release) 1.5.0.0_09
Sun JRE (Windows Production Release) 1.5.0.0_08
Sun JRE (Windows Production Release) 1.5.0.0_07
Sun JRE (Solaris Production Release) 1.5 _06
Sun JRE (Solaris Production Release) 1.5 _05
Sun JRE (Solaris Production Release) 1.5 _04
Sun JRE (Solaris Production Release) 1.5 _03
Sun JRE (Solaris Production Release) 1.5 _02
Sun JRE (Solaris Production Release) 1.5 _01
Sun JRE (Solaris Production Release) 1.5.0_17
Sun JRE (Solaris Production Release) 1.5.0_14
Sun JRE (Solaris Production Release) 1.5.0_13
Sun JRE (Solaris Production Release) 1.5.0_12
Sun JRE (Solaris Production Release) 1.5.0_11
Sun JRE (Solaris Production Release) 1.5.0_10
Sun JRE (Solaris Production Release) 1.5.0.0_09
Sun JRE (Solaris Production Release) 1.5.0.0_08
Sun JRE (Solaris Production Release) 1.5.0.0_07
Sun JRE (Linux Production Release) 1.5 _07
Sun JRE (Linux Production Release) 1.5 _06
Sun JRE (Linux Production Release) 1.5 _05
Sun JRE (Linux Production Release) 1.5 _04
Sun JRE (Linux Production Release) 1.5 _03
Sun JRE (Linux Production Release) 1.5 _02
Sun JRE (Linux Production Release) 1.5 _01
Sun JRE (Linux Production Release) 1.5 .0 beta
Sun JRE (Linux Production Release) 1.5
Sun JRE (Linux Production Release) 1.5.0_17
Sun JRE (Linux Production Release) 1.5.0_14
Sun JRE (Linux Production Release) 1.5.0_13
Sun JRE (Linux Production Release) 1.5.0_12
Sun JRE (Linux Production Release) 1.5.0_11
Sun JRE (Linux Production Release) 1.5.0_10
Sun JRE (Linux Production Release) 1.5.0_09
Sun JRE (Linux Production Release) 1.5.0_08
Apple Mac OS X 10.5.7
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5

Solution:
Apple has released an update downloadable from this page (http://support.apple.com/downloads/DL848/en_US/JavaForMacOSX10.5Update4.dmg).


Vulnerability class:
Design Error

Flaw discovered by:
reported by an anonymous researcher as part of the Zero Day Initiative.





Source: SecurityFocus (http://www.securityfocus.com/bid/35381/info)

xcdegasp
16-06-2009, 11:12
but isn't 1.5 old? :what:

c.m.g
16-06-2009, 11:31
well, Sun still supports the old versions too, and in any case keep in mind that here we're talking about versions for Mac ;)

xcdegasp
16-06-2009, 12:44
actually I don't know anything about the Mac, but I expected that on this platform too they would keep pace, as on the Linux platform... :)

c.m.g
17-06-2009, 08:17
Apple patches a critical flaw in OS X's Java (http://www.webnews.it/news/leggi/10974/apple-tappa-una-falla-critica-nel-java-di-os-x/) on webnews