HP-UX Java Classloader Applet Privilege Escalation

2003-11-07T07:16:54
ID OSVDB:2785
Type osvdb
Reporter OSVDB
Modified 2003-11-07T07:16:54

Description

Vulnerability Description

HP-UX systems running Java contain a flaw that allows a remote attacker to escalate privileges on a vulnerable system. The issue is due to an unspecified flaw in untrusted applets.

Solution Description

Upgrade to version 1.4.1.04, 1.3.1.11 or 1.2.1.16 of Java (or higher), as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

HP-UX 11.00, 11.11, 11.22 and 11.23 typically install with a Java Runtime Environment. These installs are most likely from the 1.4.1.x, 1.3.1.x, or 1.2.1.x code base. Because of this, the combination of HP-UX and the JRE makes most systems vulnerable to this flaw. Check the exact version of the JRE to verify whether it affects you.
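
One way to script that version check against the fixed releases listed above (an added example, not part of the original advisory). It assumes the JRE reports a four-field version such as 1.4.1.03 in a `java version "..."` line; the function names are hypothetical.

```sh
# Fixed update level per affected code base, taken from the advisory text.
fixed_update_for_branch() {
    case "$1" in
        1.4.1) echo 04 ;;
        1.3.1) echo 11 ;;
        1.2.1) echo 16 ;;
        *) return 1 ;;
    esac
}

# Strip leading zeros so values such as "08" are not read as octal.
to_decimal() {
    n=$(printf '%s' "$1" | sed 's/^0*//')
    echo "${n:-0}"
}

# Pull the quoted version out of `java -version` output read on stdin.
# Assumption: the first line looks like: java version "1.3.1.08"
extract_jre_version() {
    sed -n 's/^java version "\([0-9.]*\)".*/\1/p' | head -n 1
}

# Prints one of: vulnerable, fixed, other-branch, unparsable.
# "other-branch" means the code base is not one the advisory lists,
# so it needs a manual check rather than being assumed safe.
classify_jre() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsable; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || { echo unparsable; return 0; }
    fixed=$(fixed_update_for_branch "$1.$2.$3") || { echo other-branch; return 0; }
    if [ "$(to_decimal "$4")" -lt "$(to_decimal "$fixed")" ]; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Usage on a host (java -version writes to stderr):
#   classify_jre "$(java -version 2>&1 | extract_jre_version)"
```

Run it once per installed JRE, since a host can carry more than one code base side by side.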

Short Description

HP-UX systems running Java contain a flaw that allows a remote attacker to escalate privileges on a vulnerable system. The issue is due to an unspecified flaw in untrusted applets.

References:

Vendor Specific Solution URL: http://www.hp.com/go/java
Vendor Specific Advisory URL
Secunia Advisory ID: 10160