BID:17517

Sun Java Studio Local Privilege Escalation Vulnerability

Info

Sun Java Studio Local Privilege Escalation Vulnerability

Bugtraq ID:	17517
Class:	Access Validation Error
CVE:
Remote:	No
Local:	Yes
Published:	Apr 14 2006 12:00AM
Updated:	Apr 17 2006 06:02PM
Credit:	Reported by the vendor.
Vulnerable:	Sun Java Studio Enterprise 8

Not Vulnerable:

Discussion

Sun Java Studio Local Privilege Escalation Vulnerability

Sun Java Studio is prone to a local privilege-escalation vulnerability.

An unprivileged local attacker can execute arbitrary code and commands in the context of a user who invokes the application.

A successful attack can facilitate privilege escalation.

Sun Java Studio Enterprise 8 is vulnerable to this issue.

Exploit / POC

Sun Java Studio Local Privilege Escalation Vulnerability

An exploit is not required.

Solution / Fix

Sun Java Studio Local Privilege Escalation Vulnerability

Solution:

Sun has released an advisory with fixes to address this issue. Please see the references for more information.

Sun Java Studio Enterprise 8

Sun 121045-04
SPARC platform.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121045-04-1

Sun 121045-04
x86 Platform.
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121045-04-1

References

Sun Java Studio Local Privilege Escalation Vulnerability

References:

Sun Alert ID: 102292 (Sun)