Note: This is an archival copy of Security Sun Alert 201586 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1001191.1.
Date of Resolved Release
An implementation bug in Java 1.1.x releases allows an untrusted applet to accept incoming connections from hosts other than the host the applet was loaded from. While this should not be allowed, this bug by itself does not allow the applet to violate other Java sandbox restrictions. Also, a firewall will stop such incoming connections from the Internet. This is a Java 1.1.x implementation bug, not an architectural flaw in the Java Security Model.
An exploit called Brown Orifice was publicly posted recently. Brown Orifice exploits a bug in the Netscape Java Runtime Environment (see CERT Advisory CA-2000-15). It also exploits this implementation bug. Sun's supported versions of J2SE 1.2 and later are not affected.
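To make the sandbox rule concrete, the following is an added Java example (not Sun's code and not part of this alert) of the origin-host check an applet listener is meant to enforce: a connection is kept only if its peer address belongs to the host the code came from, and every other connection is closed. The class name, the loopback origin host and the 192.0.2.1 test address are constructed for the demo.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;

// Hypothetical origin-host check for an applet-style listener (not Sun's
// fixed implementation): only the host the code was loaded from may connect.
public class OriginOnlyListener {
    private final InetAddress[] originAddrs;

    public OriginOnlyListener(String originHost) throws IOException {
        // Resolve every address of the origin host once, as a codebase check would.
        this.originAddrs = InetAddress.getAllByName(originHost);
    }

    // True only when the peer address belongs to the origin host.
    public boolean isFromOrigin(InetAddress peer) {
        for (InetAddress a : originAddrs) {
            if (a.equals(peer)) return true;
        }
        return false;
    }

    // Accept connections, dropping every one that is not from the origin host.
    public Socket acceptFromOrigin(ServerSocket server) throws IOException {
        while (true) {
            Socket s = server.accept();
            if (isFromOrigin(s.getInetAddress())) {
                return s;
            }
            System.err.println("rejected connection from " + s.getInetAddress());
            s.close(); // the 1.1.x bug let such a connection through instead
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: the origin is the loopback host, so a local client is
        // accepted, while a documentation-range address (RFC 5737) is not.
        OriginOnlyListener listener = new OriginOnlyListener("127.0.0.1");
        InetAddress outsider = InetAddress.getByName("192.0.2.1");
        System.out.println(outsider + " from origin? " + listener.isFromOrigin(outsider));
        try (ServerSocket server = new ServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            int port = server.getLocalPort();
            // Local client connecting from the origin host.
            new Thread(() -> { try { new Socket(InetAddress.getLoopbackAddress(), port).close(); } catch (IOException e) { } }).start();
            try (Socket s = listener.acceptFromOrigin(server)) {
                System.out.println("accepted from " + s.getInetAddress());
            }
        }
    }
}
```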
Customer deployments of Java 1.1.x may encounter this issue if code exploiting the problem is introduced into their runtime environment.
There may be no obvious symptoms.
Please see resolution.
The issue is addressed in the following upgrade releases:
Windows Production and Solaris Reference Releases:
JDK/JRE 1.1.8_005 & plugin1.1.3_003: Posted at web-site
JDK/JRE 1.1.7B_007 & plugin1.1.2_006: Available approx. 8/24/2000
JDK/JRE 1.1.6_009 & plugin1.1.1_006: Available approx. 8/25/2000
Solaris Production Release:
JDK/JRE 1.1.8_12: Available approx. 8/21/2000 (Note: No plugin exists for the 1.1.x Solaris production release)
Sun Java Standard Edition (Java SE)