Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
BID:22907
Info
Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
| Bugtraq ID: | 22907 |
| Class: | Access Validation Error |
| CVE: |
CVE-2007-1419 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2007 12:00AM |
| Updated: | May 12 2015 07:29PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Sun Java Dynamic Management Kit 5.1 |
| Not Vulnerable: | |
Discussion
Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
Sun JMX is prone to a local unauthorized-access vulnerability.
A local attacker can exploit this issue to gain unauthorized access to certain local data. Information disclosed may aid in further attacks; other attacks are also possible.
This issue affects only systems that host applications deployed with the JMX RMI-IIOP API, which is part of the Java Dynamic Management Kit product.
Sun JMX is prone to a local unauthorized-access vulnerability.
A local attacker can exploit this issue to gain unauthorized access to certain local data. Information disclosed may aid in further attacks; other attacks are also possible.
This issue affects only systems that host applications deployed with the JMX RMI-IIOP API, which is part of the Java Dynamic Management Kit product.
Exploit / POC
Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.
Sun Java Dynamic Management Kit 5.1
Solution:
Sun has released an advisory and fixes to address this issue. Please see the references for more information.
Sun Java Dynamic Management Kit 5.1
-
Sun 119044-03
SPARC Platform - JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119044-03-1 -
Sun 119044-03
x86 Platform - JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119044-03-1 -
Sun 119045-03
Windows Platform - JDK 5.0 update 4 and earlier, or JDK 1.4
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119045-03-1 -
Sun 119046-03
Linux Platform - JDK 5.0 update 4 and earlier, or JDK 1.4
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119046-03-1 -
Sun 124939-03
SPARC Platform - Solaris 10 with JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124939-03-1 -
Sun 124939-03
x86 Platform - Solaris 10 JDK 5.0 update 4 and earlier, or JDK 1.4 or earlier
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -124939-03-1
References
Sun JMX RMI-IIOP Local Unauthorized Access Vulnerability
References:
References:
- Sun Homepage (Sun Microsystems )
- Sun Alert ID: 102835 - Security Vulnerability When Using java.policy With RMI-II (Sun)