Security-Alerts mailing list archive (firstname.lastname@example.org)
[security-alerts] FW: Sun Java JRE Multiple Vulnerabilities
> Sun Java JRE Multiple Vulnerabilities
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Highly critical
> Security Bypass, Manipulation of data, Exposure of system
> information, Exposure of sensitive information, System access
> From remote
> Sun Java JRE 1.6.x / 6.x
> Sun Java JRE 1.5.x / 5.x
> Sun Java JDK 1.5.x
> Sun Java JDK 1.6.x
> Sun Java JRE 1.4.x
> Sun Java JRE 1.3.x
> Sun Java SDK 1.4.x
> Sun Java SDK 1.3.x
> Multiple vulnerabilities have been reported in Sun Java JRE (Java
> Runtime Environment), which can be exploited by malicious people to
> bypass certain security restrictions, manipulate data, disclose
> sensitive/system information, or potentially compromise a vulnerable
> 1) Multiple unspecified errors in the Java Runtime Environment can be
> exploited by e.g. a malicious applet or by using Java APIs to
> establish network connections to certain services on machines other
> than the originating host.
> 2) Multiple unspecified errors in Java Web Start can be exploited by
> a malicious applet to read/write local files or determine the
> location of the Java Web Start cache.
> 3) An unspecified error in the Java Runtime Environment can be
> exploited to move or copy arbitrary files on the system by e.g.
> tricking a user into dragging and dropping a file from an applet to a
> desktop application that has the proper permissions.
> The vulnerabilities are reported in the following versions:
> * JDK and JRE 6 Update 2 and earlier
> * JDK and JRE 5.0 Update 12 and earlier
> * SDK and JRE 1.4.2_15 and earlier
> * SDK and JRE 1.3.1_20 and earlier
> NOTE: Some vulnerabilities only affect certain versions or browsers.
> Please see the vendor's advisories for details.
> Update to the fixed versions.
> JDK and JRE 6 Update 3:
> JDK and JRE 5.0 Update 13:
> SDK and JRE 1.4.2_16:
> SDK and JRE 1.3.1 for Solaris 8:
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
> Weidong Shao, and David Byrne
> 2) Peter Csepely
> ORIGINAL ADVISORY:
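
Added example (not part of the forwarded advisory, and not Secunia's or Sun's code): a Python triage helper that flags Java version strings from a software inventory when they fall in the affected ranges listed above. It assumes the legacy Sun version-string format (1.6.0_02 for 6 Update 2) and reads "and earlier" as covering older point releases of the same line; the function names and the sample inventory are constructed for illustration.

```python
import re

# Last affected (minor, update) per release line, taken from the advisory's
# "reported in the following versions" list.
LAST_AFFECTED = {
    6: (0, 2),    # JDK and JRE 6 Update 2 and earlier
    5: (0, 12),   # JDK and JRE 5.0 Update 12 and earlier
    4: (2, 15),   # SDK and JRE 1.4.2_15 and earlier
    3: (1, 20),   # SDK and JRE 1.3.1_20 and earlier
}

# Legacy Sun version string: 1.<line>.<minor>[_<update>], e.g. 1.6.0_02.
# The lookbehind stops "11.6.0" from being read as "1.6.0".
VERSION_RE = re.compile(r'(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?')

def parse_version(text):
    """Return (line, minor, update) from a version string or a
    `java -version` banner, or None if no legacy version is present."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    update = int(m.group(3)) if m.group(3) else 0  # no suffix = base release
    return int(m.group(1)), int(m.group(2)), update

def classify(text):
    """'affected', 'not-listed' (outside the advisory's ranges), or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    line, minor, update = parsed
    last = LAST_AFFECTED.get(line)
    if last is not None and (minor, update) <= last:
        return "affected"
    return "not-listed"

# Constructed sample inventory: (host label, reported version string).
SAMPLE_INVENTORY = [
    ("build-01", 'java version "1.6.0_02"'),
    ("desk-17", "1.5.0_13"),
    ("legacy-app", "1.4.1_07"),
    ("kiosk-03", "version string missing"),
]

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY:
        print(f"{host:12} {classify(banner):12} {banner}")
```

An "affected" result means the version is in a listed range, not that every issue applies; per the advisory's note, some of the vulnerabilities only affect certain versions or browsers.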