Note: This is an archival copy of Security Sun Alert 200178 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000132.1.
Article ID : 1000132.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2010-01-19
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Java Virtual Machine May Allow Illegal Access to Protected Fields or Methods

Category
Security

Release Phase
Resolved

Bug Id
4735734, 4734966

Date of Resolved Release
23-JAN-2003

Impact

The Java Virtual Machine may allow illegal access to protected fields or methods of an object.

Sun acknowledges, with thanks, Alessandro Coglio, for bringing this issue to our attention.


Contributing Factors

This issue can occur in the following releases:

Windows Production Releases

  • SDK and JRE 1.4.0_02 or earlier 1.4.0 relesases
  • SDK and JRE 1.3.1_05 or earlier 1.3.1 relesases
  • SDK and JRE 1.3.0_05 or earlier 1.3.0 relesases
  • SDK and JRE 1.2.2_013 or earlier 1.2.2 relesases
  • JDK and JRE 1.1.x

Solaris Operating Environment (OE) Reference Releases

  • SDK and JRE 1.2.2_013 or earlier 1.2.2 relesases
  • JDK and JRE 1.1.x

Solaris Operating Environment (OE) Production Releases

  • SDK and JRE 1.4.0_02 or earlier 1.4.0 relesases
  • SDK and JRE 1.3.1_05 or earlier 1.3.1 relesases
  • SDK and JRE 1.3.0_05 or earlier 1.3.0 relesases
  • SDK and JRE 1.2.2_13 or earlier 1.2.2 relesases
  • JDK and JRE 1.1.x

Linux Production Releases

  • SDK and JRE 1.4.0_02 or earlier 1.4.0 relesases
  • SDK and JRE 1.3.1_05 or earlier 1.3.1 relesases
  • SDK and JRE 1.3.0_05 or earlier 1.3.0 relesases
  • SDK and JRE 1.2.2_013 or earlier 1.2.2 relesases

Note: SDK and JRE 1.4.1 and later releases for Windows, Linux and Solaris are not affected.


Symptoms

There are no reliable symptoms that would show the described issue has been exploited.


Workaround

There is no workaround. Please see the "Resolution" section below.


Resolution

This issue is addressed in the following releases:

Windows Production Releases

  • SDK and JRE 1.4.0_03 or later 1.4.0 releases
  • SDK and JRE 1.3.1_06 or later 1.3.1 releases
  • SDK and JRE 1.2.2_014 or later 1.2.2 releases

Solaris Operating Environment (OE) Reference Releases

  • SDK and JRE 1.2.2_014 or later 1.2.2 releases

Solaris Operating Environment (OE) Production Releases

  • SDK and JRE 1.4.0_03 or later 1.4.0 releases
  • SDK and JRE 1.3.1_06 or later 1.3.1 releases
  • SDK and JRE 1.2.2_14 or later 1.2.2 releases

Linux Production Releases

  • SDK and JRE 1.4.0_03 or later 1.4.0 releases
  • SDK and JRE 1.3.1_06 or later 1.3.1 releases
  • SDK and JRE 1.2.2_014 or later 1.2.2 releases

Note: SDK and JRE releases are available at http://java.sun.com/j2se/



Product
Java 2 Platform, Standard Edition 1.4






















Attachments
This solution has no attachment