Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: Sun Java JRE Multiple Vulnerabilities



>
> TITLE:
> Sun Java JRE Multiple Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA27009
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/27009/
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> Security Bypass, Manipulation of data, Exposure of system
> information, Exposure of sensitive information, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Sun Java JRE 1.6.x / 6.x
> http://secunia.com/product/12878/
> Sun Java JRE 1.5.x / 5.x
> http://secunia.com/product/4228/
> Sun Java JDK 1.5.x
> http://secunia.com/product/4621/
> Sun Java JDK 1.6.x
> http://secunia.com/product/14273/
> Sun Java JRE 1.4.x
> http://secunia.com/product/784/
> Sun Java JRE 1.3.x
> http://secunia.com/product/87/
> Sun Java SDK 1.4.x
> http://secunia.com/product/1661/
> Sun Java SDK 1.3.x
> http://secunia.com/product/1660/
>
> DESCRIPTION:
> Multiple vulnerabilities have been reported in Sun Java JRE (Java
> Runtime Environment), which can be exploited by malicious people to
> bypass certain security restrictions, manipulate data, disclose
> sensitive/system information, or potentially compromise a vulnerable
> system.
>
> 1) Multiple unspecified errors in the Java Runtime Environment can be
> exploited by e.g. a malicious applet or by using Java APIs to
> establish network connections to certain services on machines other
> than the originating host.
>
> 2) Multiple unspecified errors in Java Web Start can be exploited by
> a malicious applet to read/write local files or determine the
> location of the Java Web Start cache.
>
> 3) An unspecified error in the Java Runtime Environment can be
> exploited to move or copy arbitrary files on the system by e.g.
> tricking a user into dragging and dropping a file from an applet to a
> desktop application that has the proper permissions.
>
> The vulnerabilities are reported in the following versions:
> * JDK and JRE 6 Update 2 and earlier
> * JDK and JRE 5.0 Update 12 and earlier
> * SDK and JRE 1.4.2_15 and earlier
> * SDK and JRE 1.3.1_20 and earlier
>
> NOTE: Some vulnerabilities only affect certain versions or browsers.
> Please see the vendor's advisories for details.
>
> SOLUTION:
> Update to the fixed versions.
>
> JDK and JRE 6 Update 3:
> http://java.sun.com/javase/downloads/index.jsp
>
> JDK and JRE 5.0 Update 13:
> http://java.sun.com/javase/downloads/index_jdk5.jsp
>
> SDK and JRE 1.4.2_16:
> http://java.sun.com/j2se/1.4.2/download.html
>
> SDK and JRE 1.3.1 for Solaris 8:
> http://java.sun.com/j2se/1.3/download.html
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> 1) Billy Rios, Dan Boneh, Collin Jackson, Adam Barth, Andrew Bortz,
> Weidong Shao, and David Byrne
> 2) Peter Csepely
>
> ORIGINAL ADVISORY:
> Sun:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103079-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103078-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103073-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-103072-1
>
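
For checking an inventory of hosts against the affected-version list above, the following Python sketch classifies `java -version` strings; it is an added example, not part of the Secunia or Sun advisories. It assumes Sun's usual version-string format (for example, "6 Update 2" reported as `1.6.0_02`), and the sample lines and verdict labels are constructed for illustration.

```python
import re

# Last affected release per family, taken from the advisory's version list.
# Assumption: "6 Update 2" appears as 1.6.0_02 and "5.0 Update 12" as
# 1.5.0_12 in `java -version` output.
LAST_AFFECTED = {
    (1, 6): (0, 2),    # JDK and JRE 6 Update 2 and earlier
    (1, 5): (0, 12),   # JDK and JRE 5.0 Update 12 and earlier
    (1, 4): (2, 15),   # SDK and JRE 1.4.2_15 and earlier
    (1, 3): (1, 20),   # SDK and JRE 1.3.1_20 and earlier
}

# Matches 1.6.0_02, 1.4.2_15-b02, or a bare 1.6.0 (no update suffix).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Return (major, minor, micro, update), or None if no version is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def classify(text):
    """Classify one version string against the advisory's affected list."""
    version = parse_version(text)
    if version is None:
        return "unparsed"
    limit = LAST_AFFECTED.get(version[:2])
    if limit is None:
        return "family-not-listed"   # the advisory says nothing about it
    # "and earlier" covers older micro releases too, e.g. 1.4.1_x.
    return "affected" if version[2:] <= limit else "newer"


# Constructed sample input: first line of `java -version` from several hosts.
SAMPLES = [
    'java version "1.6.0_02"',
    'java version "1.6.0_03"',
    'java version "1.5.0_12"',
    'java version "1.4.1_07"',
    'java version "1.4.2_16"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):18} {line}")
```
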



 



