 KDE Konqueror Java Bugs Let Remote Users Access Restricted Java Classes
Category: Vulnerability
Posted: 2004-12-22 by ReCall
 Details
Description: A vulnerability was reported in the Java implementation of KDE Konqueror. A remote user can bypass the Java sandbox security mechanism and gain access to certain restricted Java classes.

The vendor reported that a remote user can create JavaScript that, when loaded by the target user, will be able to bypass the Java sandbox security mechanisms and access restricted Java classes. Also, a remote user can create Java code that, when loaded by the target user, can access certain Java classes that it should not be able to access.

In both cases, the applet may be able to obtain elevated privileges to read and write files with the privileges of the target user.

The vendor was notified on November 24, 2004.

heise Security is credited with reporting this flaw.

A demonstration exploit check is available at:

http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

Impact: A remote user can access restricted Java classes to potentially read and write files on the target system with the privileges of the target user.

Solution: The vendor has issued a fixed version (3.3.2), available at:

http://www.kde.org/download/

Also, a patch is available for KDE 3.2.3:

ftp://ftp.kde.org/pub/kde/security_patches

7fc001d010c640738ed7d2fe347f002d post-3.2.3-kdelibs-khtml-java.tar.bz2
 