Sun JRE Vulnerabilities
Security Vulnerabilities in the Java Runtime Environment Image Parsing Code may Allow a Untrusted Applet to Elevate Privileges
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.
Both vulnerabilities can be exploited in the following versions
Updates are available, see the Sun alert for full details.
HOD: Christopher Carboni
A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.
Both vulnerabilities can be exploited in the following versions
- JDK and JRE 6
- JDK and JRE 5.0 Update 10 and earlier
- SDK and JRE 1.4.2_14 and earlier
- SDK and JRE 1.3.1_20 and earlier
Updates are available, see the Sun alert for full details.
HOD: Christopher Carboni
Keywords:
0 comment(s)
More PHP Phun
Jack wrote in to tell us that US-CERT posted the following advisory:
US-CERT is aware of a publicly reported vulnerability in PHP. PHP version 5.2.3 may be vulnerable to an integer overflow within the chunk_split() function.
More information can be found in the following PHP Security Blog.
US-CERT will provide additional information as it becomes available.
Thanks Jack.
HOD: Christopher Carboni
US-CERT is aware of a publicly reported vulnerability in PHP. PHP version 5.2.3 may be vulnerable to an integer overflow within the chunk_split() function.
More information can be found in the following PHP Security Blog.
US-CERT will provide additional information as it becomes available.
Thanks Jack.
HOD: Christopher Carboni
Keywords:
0 comment(s)
×
Diary Archives
Comments