Lexa Software: Security-Alerts@yandex-team.ru archive

		Apache-Talk @lexa.ru
		Inet-Admins @info.east.ru
		Filmscanners @halftone.co.uk
		Security-alerts @yandex-team.ru
		nginx-ru @sysoev.ru

СТАТЬИ

ПЕРСОНАЛЬНОЕ

ПРОГРАММЫ

ПИШИТЕ
ПИСЬМА

АРХИВ :: Security-alerts

Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: [SA18760] Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities

To: <security-alerts@xxxxxxxxxxxxxx>
Subject: [security-alerts] FW: [SA18760] Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities
From: "Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>
Date: Wed, 8 Feb 2006 13:26:21 +0300
Content-class: urn:content-classes:message
List-archive: <http://www.lexa.ru/security-alerts/> (Web Archive)
List-id: <security-alerts.yandex-team.ru>
List-subscribe: <mailto:majordomo@yandex-team.ru?body=subscribe%20security-alerts>
List-unsubscribe: <mailto:majordomo@yandex-team.ru?body=unsubscribe%20security-alerts>
Thread-index: AcYsmYua/iwy6eemTECg0hBeDmLYnAAAIf9g
Thread-topic: [SA18760] Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities

> 
> 
> TITLE:
> Sun Java JRE "reflection" APIs Sandbox Security Bypass
> Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA18760
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/18760/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Sun Java JDK 1.5.x
> http://secunia.com/product/4621/
> Sun Java JRE 1.3.x
> http://secunia.com/product/87/
> Sun Java JRE 1.4.x
> http://secunia.com/product/784/
> Sun Java JRE 1.5.x / 5.x
> http://secunia.com/product/4228/
> Sun Java SDK 1.3.x
> http://secunia.com/product/1660/
> Sun Java SDK 1.4.x
> http://secunia.com/product/1661/
> 
> DESCRIPTION:
> Seven vulnerabilities have been reported in Sun Java JRE (Java
> Runtime Environment), which potentially can be exploited by malicious
> people to compromise a user's system.
> 
> The vulnerabilities are caused due to various unspecified errors in
> the "reflection" APIs. This may be exploited by a malicious,
> untrusted applet to read and write local files or execute local
> applications.
> 
> The following releases are affected by one or more of the seven
> vulnerabilities on Windows, Solaris, and Linux platforms:
> * JDK and JRE 5.0 Update 5 and prior
> * SDK and JRE 1.4.2_09 and prior
> * SDK and JRE 1.3.1_16 and prior
> 
> SOLUTION:
> Update to the fixed versions.
> 
> JDK and JRE 5.0:
> Update to JDK and JRE 5.0 Update 6 or later.
> http://java.sun.com/j2se/1.5.0/download.jsp
> 
> SDK and JRE 1.4.x:
> Update to SDK and JRE 1.4.2_10 or later.
> http://java.sun.com/j2se/1.4.2/download.html
> 
> SDK and JRE 1.3.x:
> Update to SDK and JRE 1.3.1_17 or later.
> http://java.sun.com/j2se/1.3/download.html
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits Adam Gowdiak for reporting five of the seven
> vulnerabilities.
> 
> ORIGINAL ADVISORY:
> Sun Microsystems:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1
> 
> ----------------------------------------------------------------------

Prev by Date: [security-alerts] FW: [SA18762] Java Web Start Sandbox Security Bypass Vulnerability
Next by Date: [security-alerts] FW: [SA18766] Linux Kernel ICMP Error Handling Denial of Service
Previous by thread: [security-alerts] FW: [SA18762] Java Web Start Sandbox Security Bypass Vulnerability
Next by thread: [security-alerts] FW: [SA18766] Linux Kernel ICMP Error Handling Denial of Service
Index(es):
- Date
- Thread