myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron at myITforum.com

Sharing Security Developments, and Best Practices for corporate and home users

Sun Java - Security Release for critical vulnerabilities

  Users with Sun Java installed should update their systems to protect their brower and PC environment from malicious websites that could affect security controls.

Sun Java Runtime Environment Sandbox Security Bypass Vulnerabilities
http://www.frsirt.com/english/advisories/2006/0467

Advisory ID : FrSIRT/ADV-2006-0467
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-08

Technical Description: Seven vulnerabilities were identified in Sun Java JRE (Java Runtime Environment), which could be exploited by malicious web sites to compromise a vulnerable system. These flaws are due to errors in the "reflection" APIs, which could be exploited by attackers to read, write, and execute arbitrary files by convincing a user to visit a specially crafted web page containing a malicious applet.

Affected Products
JDK 5.0 Update 4 and prior
JRE 5.0 Update 4 and prior
SDK 1.4.2_09 and prior
JRE 1.4.2_09 and prior
SDK 1.3.1_16 and prior
JRE 1.3.1_16 and prior

Solution:

JDK and JRE 5.x - Upgrade to JDK and JRE 5.0 Update 6 :
http://java.sun.com/j2se/1.5.0/download.jsp

SDK and JRE 1.4.x - Upgrade to SDK and JRE 1.4.2_10 :
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x - Upgrade to SDK and JRE 1.3.1_17 :
http://java.sun.com/j2se/1.3/download.html

Reference
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

Published Feb 08 2006, 07:27 AM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems