ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA17748] Sun Java JRE Sandbox Security Bypass Vulnerabilities



> 
> 
> TITLE:
> Sun Java JRE Sandbox Security Bypass Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA17748
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/17748/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Sun Java SDK 1.4.x
> http://secunia.com/product/1661/
> Sun Java SDK 1.3.x
> http://secunia.com/product/1660/
> Sun Java JRE 1.5.x / 5.x
> http://secunia.com/product/4228/
> Sun Java JRE 1.4.x
> http://secunia.com/product/784/
> Sun Java JRE 1.3.x
> http://secunia.com/product/87/
> Sun Java JDK 1.5.x
> http://secunia.com/product/4621/
> 
> DESCRIPTION:
> Some vulnerabilities have been reported in Sun Java JRE (Java Runtime
> Environment), which can be exploited by malicious people to compromise
> a user's system.
> 
> 1) An unspecified error may be exploited by a malicious, untrusted
> applet to read and write local files or execute local applications.
> 
> The vulnerability has been reported in JDK/JRE 5.0 Update 3 and prior
> on Windows, Solaris and Linux platforms. SDK/JRE 1.4.2_xx and prior,
> and 1.3.1_xx releases are not affected.
> 
> 2) Three unspecified vulnerabilities with the use of "reflection"
> APIs error may be exploited by a malicious, untrusted applet to read
> and write local files or execute local applications.
> 
> The following releases are affected by one or more of the three
> vulnerabilities on Windows, Solaris and Linux platforms:
> * SDK and JRE 1.3.1_15 and prior.
> * SDK and JRE 1.4.2_08 and prior.
> * JDK and JRE 5.0 Update 3 and prior.
> 
> 3) An unspecified error in the JMX (Java Management Extensions)
> implementation included with the JRE may be exploited by a malicious,
> untrusted applet to read and write local files or execute local
> applications.
> 
> The vulnerability has been reported in JDK/JRE 5.0 Update 3 and prior
> on Windows, Solaris and Linux platforms. SDK/JRE 1.4.2_xx and prior,
> and 1.3.1_xx releases are not affected.
> 
> SOLUTION:
> Update to the fixed versions.
> 
> JDK and JRE 5.0:
> Update to JDK and JRE 5.0 Update 4 or later.
> http://java.sun.com/j2se/1.5.0/download.jsp
> 
> SDK and JRE 1.4.x:
> Update to SDK and JRE 1.4.2_09 or later.
> http://java.sun.com/j2se/1.4.2/download.html
> 
> SDK and JRE 1.3.x:
> Update to SDK and JRE 1.3.1_16 or later.
> http://java.sun.com/j2se/1.3/download.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Adam Gowdiak.
> 
> ORIGINAL ADVISORY:
> Sun Microsystems:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102050-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102003-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102017-1
> 
> ----------------------------------------------------------------------




 




Copyright © Lexa Software, 1996-2009.