Multiple vulnerabilities were identified in Java on Apple Mac OS X, which could be exploited by remote or local attackers to bypass certain security restrictions, disclose sensitive information, or gain elevated privileges.
The first issue is due to a race condition when handling a temporary directory, which could be exploited by local attackers to corrupt or create arbitrary files.
The second flaw is due to a race condition in the privileged helper that creates temporary files insecurely when updating Java shared archives, which could be exploited by local attackers to corrupt or create arbitrary files.
The third vulnerability is due to an unspecified error when launching the utility used to update Java shared archives, which could be exploited by malicious users to execute arbitrary commands with elevated privileges.
The fourth issue is due to an unspecified error when handling specially crafted applets, which may be exploited by malicious web sites to bypass the default security policy and read/write arbitrary files on a vulnerable system with the privileges of the user running the untrusted applet.
The fifth flaw is due to an error where it is possible for the same port to be opened as a Java ServerSocket multiple times, which could allow a Java program to intercept data intended for the ServerSocket of a different Java program.
Credits
Vulnerabilities reported by Dino Dai Zovi and kf_lists
ChangeLog
2005-09-13 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
