Note: This is an archival copy of Security Sun Alert 200918 as previously published on http://sunsolve.sun.com. Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000700.1.
Category: Security
Release Phase: Resolved
Sun Java Desktop System 2003
Bug Id: 6291747
Date of Resolved Release: 01-JUL-2005

Impact

Certain releases of the Sun Java Desktop System (JDS) for Linux include versions of the Java Runtime Environment (JRE) which contain a vulnerability in the Java Plug-in which may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. This issue is also described in Sun Alert 101749.

Contributing Factors

This issue can occur in the following releases:

Linux Platform
Note: This issue only occurs with JDS JRE version j2re-1.4.2_07-b03 or earlier.

To determine the release of JDS for Linux installed on a system, the following command can be run:

    % cat /etc/sun-release
    Sun Java Desktop System, Release 2 -build 10b (GA)
    Assembled 30 March 2004

To determine the version of the JDS JRE, the following command can be run:

    % rpm -qf /usr/java/j2redefault/bin/java
    j2re-1.4.2_06-fcs

Or

    % java -fullversion
    java full version "1.4.2_06-b03"
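The version check described above, as an added example that is not part of the Sun Alert: a shell function that parses either output format shown and compares it with the advisory's j2re-1.4.2_07-b03 threshold. The function names, the "out-of-scope" result for other release families, and the choice to treat a non-numeric build tag on an otherwise equal version as affected are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the Sun Alert. THRESHOLD is the build the
# advisory names: JDS JRE j2re-1.4.2_07-b03 or earlier is affected.
THRESHOLD="1.4.2_07-b03"

# Print "major minor micro update build" for a version string, or return 1.
# Accepts `java -fullversion` output, the RPM name, or a bare version.
# A build tag that is not bNN (for example "fcs") is printed as "x".
jre_fields() {
    v=$(printf '%s' "$1" | tr -d '"')
    v=${v#"java full version "}
    v=${v#j2re-}
    base=${v%%[_-]*}; upd=0; bld=x
    case $v in *_*) upd=${v#*_}; upd=${upd%%-*} ;; esac
    case $v in *-b[0-9]*) bld=${v##*-b} ;; esac
    case $base in
        *[!0-9.]*|""|.*|*.|*..*|*.*.*.*) return 1 ;;
        *.*.*) ;;
        *) return 1 ;;
    esac
    case $upd in ""|*[!0-9]*) return 1 ;; esac
    case $bld in x) ;; *[!0-9]*) return 1 ;; esac
    echo "$base $upd $bld" | tr '.' ' '
}

# Print affected, not-affected, out-of-scope or unparsed for one version string.
jre_status() {
    cur=$(jre_fields "$1") || { echo unparsed; return 0; }
    max=$(jre_fields "$THRESHOLD")
    i=0
    for t in $max; do
        i=$((i + 1)); c=${cur%% *}; cur=${cur#* }
        # Unknown build tag on an otherwise equal version: treat as affected.
        if [ "$c" = x ]; then break; fi
        # test(1) compares decimal integers, so "07" equals 7 here.
        if [ "$c" -lt "$t" ]; then echo affected; return 0; fi
        if [ "$c" -gt "$t" ]; then
            # The advisory gives no threshold for other release families.
            if [ "$i" -le 2 ]; then echo out-of-scope; else echo not-affected; fi
            return 0
        fi
    done
    echo affected
}

# Constructed sample inputs, in the two formats the advisory shows.
for s in 'java full version "1.4.2_06-b03"' 'j2re-1.4.2_06-fcs' '1.4.2_08-b03'; do
    printf '%s => %s\n' "$s" "$(jre_status "$s")"
done
```

On a live system, `java -fullversion` writes to standard error, so call it as `jre_status "$(java -fullversion 2>&1)"`.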
Symptoms

There are no reliable symptoms that would indicate the described issue has been exploited.

Workaround

There is no workaround. Please see the "Resolution" section below.

Resolution

This issue is addressed in the following releases:

Linux Platform
To download and install the updated RPMs from the update servers, select the following sequence from the "launch" menu:

    Launch >> Applications >> System Tools >> Online Update

For more information on obtaining updates see:
Modification History

Date: 10-AUG-2005

Change History
Attachments

This solution has no attachment