Sun Java Runtime Environment (JRE) Unspecified Hole Lets Java Code Bypass Access Controls
|
|
SecurityTracker Alert ID: 1006005 |
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Jan 29 2003
|
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Modification of user information, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.4.0_02, 1.3.1_05, 1.3.0_05, and 1.2.2_013 and prior versions in those releases; 1.1.x
|
Description: An unspecified vulnerability was reported in Sun's Java Runtime Environment (JRE). Malicious Java code could bypass security sandbox protections.
Sun warned that there is a flaw in Sun's Java Virtual Machine but failed to disclose any information about the nature of the flaw.
According to the report, the Java Virtual Machine may allow malicious Java code to gain illegal access to protected fields or methods of an object.
According to the report, SDK and JRE 1.4.1 and later versions for Windows, Linux and Solaris are not affected.
No further details were provided.
Sun credits Alessandro Coglio with reporting this flaw.
|
Impact: Malicious Java code could gain access to protected fields or methods of an object on the target system.
|
Solution: To fix the flaw, upgrade to one of the following versions:
Windows Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_014 or later 1.2.2 releases
Solaris Operating Environment (OE) Reference Releases:
SDK and JRE 1.2.2_014 or later 1.2.2 releases
Solaris Operating Environment (OE) Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_14 or later 1.2.2 releases
Linux Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_014 or later 1.2.2 releases
The SDK and JRE releases are available at http://java.sun.com/j2se/
|
Vendor URL: sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50083
|
Cause: Not specified
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 28 Jan 2003 17:19:08 -0500
Subject: Sun Java VM Bug
|
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50083
Sun issued an alert (50083) warning of a flaw in Sun's Java Virtual Machine. The Java Virtual
Machine may allow Java code to gain illegal access to protected fields or methods of an object.
No further details were provided.
Sun credits Alessandro Coglio with reporting this flaw.
According to Sun, the following releases are affected:
Windows Production Releases:
SDK and JRE 1.4.0_02 or earlier 1.4.0 releases
SDK and JRE 1.3.1_05 or earlier 1.3.1 releases
SDK and JRE 1.3.0_05 or earlier 1.3.0 releases
SDK and JRE 1.2.2_013 or earlier 1.2.2 releases
JDK and JRE 1.1.x
Solaris Operating Environment (OE) Reference Releases:
SDK and JRE 1.2.2_013 or earlier 1.2.2 releases
JDK and JRE 1.1.x
Solaris Operating Environment (OE) Production Releases:
SDK and JRE 1.4.0_02 or earlier 1.4.0 releases
SDK and JRE 1.3.1_05 or earlier 1.3.1 releases
SDK and JRE 1.3.0_05 or earlier 1.3.0 releases
SDK and JRE 1.2.2_13 or earlier 1.2.2 releases
JDK and JRE 1.1.x
Linux Production Releases:
SDK and JRE 1.4.0_02 or earlier 1.4.0 releases
SDK and JRE 1.3.1_05 or earlier 1.3.1 releases
SDK and JRE 1.3.0_05 or earlier 1.3.0 releases
SDK and JRE 1.2.2_013 or earlier 1.2.2 releases
According to the report, SDK and JRE 1.4.1 and later versions for Windows, Linux and Solaris are not
affected.
To fix the flaw, upgrade to one of the following versions:
Windows Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_014 or later 1.2.2 releases
Solaris Operating Environment (OE) Reference Releases:
SDK and JRE 1.2.2_014 or later 1.2.2 releases
Solaris Operating Environment (OE) Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_14 or later 1.2.2 releases
Linux Production Releases:
SDK and JRE 1.4.0_03 or later 1.4.0 releases
SDK and JRE 1.3.1_06 or later 1.3.1 releases
SDK and JRE 1.2.2_014 or later 1.2.2 releases
The SDK and JRE releases are available at http://java.sun.com/j2se/
-----
Sun Alert ID: 50083
Synopsis: Java Virtual Machine May Allow Illegal Access to Protected Fields or Methods
Category: Security
Product: Java JRE/SDK
BugIDs: 4735734, 4734966
Avoidance: Upgrade
State: Resolved
Date Released: 23-Jan-2003
Date Closed: 23-Jan-2003
Date Modified:
|
|