Java Web Start Sandbox Security Bypass Vulnerability

Ramona · 2005/06/15

TITLE:
Java Web Start Sandbox Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA15671

VERIFY ADVISORY:
http://secunia.com/advisories/15671/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Sun Java JRE 1.5.x
http://secunia.com/product/4228/
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Java Web Start 1.x
http://secunia.com/product/1005/

DESCRIPTION:
A vulnerability has been reported in Java Web Start, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and may be
exploited by a malicious, untrusted application to execute arbitrary
code.

The vulnerability affects Java Web Start included in J2SE releases
5.0 and 5.0 Update 1 for Windows, Solaris and Linux.

SOLUTION:
The vulnerability has been fixed in J2SE 5.0 Update 2 and later for
Windows, Solaris and Linux.
http://java.sun.com/j2se/1.5.0/download.jsp

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
Sun Microsystems:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101748-1
Click to expand...

NOTE:

In the original Sun Advisory, it is recommended that you UNinstall any affected versions before installing JRE 1.4.2_08, or 1.5.0_03.

J2SE 5.0 and 1.4.2 are available for download at the following links:

5.0 at: http://java.sun.com/j2se/1.5.0/download.jsp and http://java.com

1.4.2 at: http://java.sun.com/j2se/1.4.2/download.html

Note: It is recommended that affected versions be removed from your system. For more information, please see the installation notes on the respective java.sun.com download pages.
Click to expand...

Get 5.0 Update 3 here:
http://java.sun.com/j2se/1.5.0/download.jsp

GPaDavis · 2005/06/15

Cornfoozed!

OK, I'm using Java Standard Version 1.5.0 (build 1.5.0_03-b07) -- whatever that might mean.

Is this the 'latest and greatest' or do I need to search, scrounge, crawl all over the Java website 'til I find the correct one?

Bob (Cornfoozed is Not too unusual for me, that's for sure!)

Westside · 2005/06/15

I, personally, don't play in the sandbox. But, from I see you should have update 3, so, unless they went backward, you should be ok.
Oh, yea, the java website is fun!

Bmoore1129 · 2005/06/16

GPaDavis

I just DL'ed and the version is as you stated so you are OK.

GPaDavis · 2005/06/16

Whew! Thanks.
Bob

Log in or Sign up

Java Web Start Sandbox Security Bypass Vulnerability

Ramona Geek Member Alumni Thread Starter

GPaDavis Inactive

Westside Inactive Alumni

Bmoore1129 Geek Member

GPaDavis Inactive

Share This Page

Log in or Sign up

Java Web Start Sandbox Security Bypass Vulnerability

Ramona Geek Member Alumni Thread Starter

GPaDavis Inactive

Westside Inactive Alumni

Bmoore1129 Geek Member

GPaDavis Inactive

Share This Page

Useful Searches