Sun Java Plugin 8.3 Name Predictable File Location Weakness

2005-02-08T17:37:55
ID OSVDB:13620
Type osvdb
Reporter Andreas Sandblad(as@secunia.com)
Modified 2005-02-08T17:37:55

Description

Vulnerability Description

Sun Java Plugin contains a flaw that may allow a malicious user to write arbitrary content. The issue is triggered when the plugin creates temporary files with predictable names in a predictable location for a class which may be referenced by the 8.3 file schema occurs. It is possible that the flaw may allow the writing of arbitrary content to the files resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): changing the default temporary internet files directory.

Short Description

Sun Java Plugin contains a flaw that may allow a malicious user to write arbitrary content. The issue is triggered when the plugin creates temporary files with predictable names in a predictable location for a class which may be referenced by the 8.3 file schema occurs. It is possible that the flaw may allow the writing of arbitrary content to the files resulting in a loss of integrity.

References:

Vendor URL: http://java.sun.com/j2se/1.3/ Secunia Advisory ID:11070 ISS X-Force ID: 19285 CVE-2005-0471