
Multiple critical vulnerabilities in Sun Java JDK / JRE

Several critical vulnerabilities have been reported in Sun Java. They can be used maliciously to circumvent certain security restrictions, disclose system information or potentially sensitive information, cause a denial of service (DoS), or compromise a vulnerable system.





1) An error in the Java Runtime Environment Virtual Machine can be used to write exploits, launch applets, read and write local files, and launch applications.



2) An error in Java Management Extensions (JMX) can be used to perform certain operations on a system running JMX with local monitoring enabled.


3) Two errors in the scripting language in the Java Runtime Environment can be used to access information from another applet, read and write local files, and run applications.



4) Boundary errors in Java Web Start (may cause clipboard overflow)



5) Three errors in Java Web Start (creating and deleting arbitrary files with user privileges)



6) Error in the implementation of Secure Static Versioning.



7) Errors in the Java Runtime Environment can be used to bypass the access policy and establish socket connections to certain services running on the local host.



8) An error in the Java Runtime Environment when processing certain XML data can be used for unauthorized access to certain URL resources or to trigger a DoS attack.



9) An error in the Java Runtime Environment when processing certain XML data can be used to gain unauthorized access to certain URL resources.



10) A boundary error when processing fonts in the Java Runtime Environment can be used to cause a buffer overflow.



The solution is to update the application:



JDK and JRE 6 Update 7:

java.sun.com/javase/downloads/index.jsp



JDK and JRE 5.0 Update 16:

java.sun.com/javase/downloads/index_jdk5.jsp



SDK and JRE 1.4.2_18:

java.sun.com/j2se/1.4.2/download.html



SDK and JRE 1.3.1_23 (Solaris 8 and Vintage Support Offering support contracts):

java.sun.com/j2se/1.3/download.html
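
To check an installed runtime against the fixed releases listed above, the sketch below parses the first line of `java -version` output and compares the update number per release family. It is an added example, not code from the advisory or from Sun; the function names, the host names and the sample banners are constructed, and release families the advisory does not list are reported as "unknown" rather than guessed.

```python
import re

# Fixed releases named in the advisory, keyed by release family.
FIXED = {
    (1, 6, 0): 7,    # JDK and JRE 6 Update 7
    (1, 5, 0): 16,   # JDK and JRE 5.0 Update 16
    (1, 4, 2): 18,   # SDK and JRE 1.4.2_18
    (1, 3, 1): 23,   # SDK and JRE 1.3.1_23
}

# Matches the banner printed by `java -version`, e.g.: java version "1.6.0_06"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_version(banner):
    """Return ((major, minor, micro), update), or None if unrecognised."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(g) for g in m.group(1, 2, 3))
    update = int(m.group(4) or 0)  # "1.6.0" with no suffix is update 0
    return family, update


def assess(banner):
    """Classify a banner as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"          # not a Sun-style version banner
    family, update = parsed
    if family not in FIXED:
        return "unknown"          # family not covered by the advisory
    return "patched" if update >= FIXED[family] else "vulnerable"


def audit(inventory):
    """Map each host in {host: banner} to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "build01": 'java version "1.6.0_06"',
    "app02": 'java version "1.5.0_16"',
    "legacy03": 'java version "1.4.2_17"',
    "old04": 'java version "1.4.1_03"',
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need manual review, since the advisory names fixed releases only for the four families above.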

Source: https://habr.com/ru/post/31635/


