funsec mailing list archives
RE: Security Vulnerabilities in the Java Runtime Environment
From: "Todd Towles" <toddtowles () brookshires com>
Date: Wed, 8 Feb 2006 15:43:10 -0600
http://secunia.com/advisories/18760/ - "Reflection" API
http://secunia.com/advisories/18762/ - "Java Web Start Sandbox Security Bypass"

-Todd
-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Fergie
Sent: Wednesday, February 08, 2006 2:45 PM
To: funsec () linuxbox org
Subject: [funsec] Security Vulnerabilities in the Java Runtime Environment

These seem like they are quite serious, actually.

FYI,

- ferg

[via sun]

# Sun Alert ID: 102171
# Synopsis: Security Vulnerabilities in the Java Runtime Environment may Allow an Untrusted Applet to Elevate its Privileges
# Category: Security
# Product: Java 2 Platform, Standard Edition
# BugIDs: 6277246, 6316316, 6316314, 6316322, 6343309, 6343350, 6343342
# Avoidance: Upgrade
# State: Resolved
# Date Released: 07-Feb-2006
# Date Closed: 07-Feb-2006
# Date Modified:

Seven (7) vulnerabilities with the use of "reflection" APIs in the Java Runtime Environment may independently allow an untrusted applet to elevate its privileges. For example an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

[snip]

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg () netzero net or fergdawg () sbcglobal net
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.