PCWorks: Java 2 Platform Privilege Escalation Vulnerability

Thread: PCWorks: Java 2 Platform Privilege Escalation Vulnerability

Search this list only Search all lists
PCWorks: Java 2 Platform Privilege Escalation Vulnerability
Canada	2007-05-01 08:09:39
Java 2 Platform Privilege Escalation Vulnerability Secunia Advisory: SA25069 Release Date: 2007-05-01 Critical: Moderately critical Impact: Security Bypass Where: From remote Solution Status: Vendor Patch Software: Sun Java Enterprise System 5.x Sun Java JDK 1.5.x Sun Java JRE 1.4.x Sun Java JRE 1.5.x / 5.x Sun Java SDK 1.4.x Description: Sun has acknowledged a vulnerability in the Java Web Start of the Java 2 Platform, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error within the use of system classes. This can e.g. be exploited to read and write to local files via malicious Java Web Start Applications. The vulnerability is reported in Java Web Start in JDK and JRE 5.0 Update 10 and Java Web Start in SDK and JRE 1.4.2_13 and earlier for Windows, Solaris and Linux. Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable: http://secunia .com/software_inspector/ Solution: Update to Java Web Start in JDK and JRE 5.0 Update 11 or later, or Java Web Start in SDK and JRE 1.4.2_14 or later. -- J2SE 5.0 -- http://ja va.sun.com/j2se/1.5.0/download.jsp -- J2SE 5.0 Update 11 for Solaris -- J2SE 5.0: update 11 (as delivered in patch 118666-11 or later) J2SE 5.0: update 11 (as delivered in patch 118667-11 or later (64bit)) J2SE 5.0_x86: update 11 (as delivered in patch 118668-11 or later) J2SE 5.0_x86: update 11 (as delivered in patch 118669-11 or later (64bit)) --- J2SE 1.4.2 -- http://j ava.sun.com/j2se/1.4.2/download.html Note that vulnerable versions should be removed from the system. Provided and/or discovered by: The vendor credits the Fujitsu security team. Original Advisory: http://sunsolve.sun.com/search/document.do?asse tkey=1-26-102881-1 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )