Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Security Vulnerabilities in Sun JRE may Allow an Untrusted Applet to Elevate its Privileges

Reply
Thread Tools

Security Vulnerabilities in Sun JRE may Allow an Untrusted Applet to Elevate its Privileges

 
 
Stephen Howe
Guest
Posts: n/a
 
      02-10-2006
> "Note: It is recommended that affected versions be removed from your
> system. For more
> information, please see the installation notes on the respective
> java.sun.com download
> pages."


How many wretched versions of Java are there?

I see

J2EE 1.4 SDK
JDK 5.0 Update 6 with NetBeans 5.0
JDK 5.0 Update 6 with NetBeans 4.1
JDK 5.0 Update 6
JRE 5.0 Update 6

very confusing. I think it is the last that I want.

Yet I already have
jre-1_5_0_06-windows-i586-p.exe
downloaded which claims
J2SE Runtime Environment 5.0 Update 6 inside

I think have just uninstalled the latest.

Yet elsewhere on the Internet I see "b09" suffix (I assume build 9).

Stephen Howe


 
Reply With Quote
 
 
 
 
David H. Lipman
Guest
Posts: n/a
 
      02-10-2006
From: "Stephen Howe" <sjhoweATdialDOTpipexDOTcom>

>> "Note: It is recommended that affected versions be removed from your
>> system. For more
>> information, please see the installation notes on the respective
>> java.sun.com download
>> pages."

|
| How many wretched versions of Java are there?
|
| I see
|
| J2EE 1.4 SDK
| JDK 5.0 Update 6 with NetBeans 5.0
| JDK 5.0 Update 6 with NetBeans 4.1
| JDK 5.0 Update 6
| JRE 5.0 Update 6
|
| very confusing. I think it is the last that I want.
|
| Yet I already have
| jre-1_5_0_06-windows-i586-p.exe
| downloaded which claims
| J2SE Runtime Environment 5.0 Update 6 inside
|
| I think have just uninstalled the latest.
|
| Yet elsewhere on the Internet I see "b09" suffix (I assume build 9).
|
| Stephen Howe
|

From what I see the current version is JRE 5 Update 6.

http://www.java.com/en/download/manual.jsp

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
 
 
 
Mr. Uh Clem
Guest
Posts: n/a
 
      02-11-2006
shawn wrote:
> On Thu, 09 Feb 2006 01:37:05 GMT, "David H. Lipman"
> <DLipman~nospam~@Verizon.Net> wrote:


....
>>
>> Update to and use JRE 5 update 6.

>
> And remove all of the other versions from your system.
>


I'm aware of some software packages written in Java which
come packaged with a JRE (not sure which release, but I"m
sure it is older) to run on Windows. The JRE is only used
with that application and the application is a dedicated
client, used with only a specific server app on dedicated
hosts the customers own. The reason for including a
dedicated JRE is that successive JRE releases were breaking
things.

Q: Is this exploitable, given it is not being used for
general web browsing??

--
Clem
"If you push something hard enough, it will fall over."
- Fudd's first law of opposition
 
Reply With Quote
 
David H. Lipman
Guest
Posts: n/a
 
      02-11-2006
From: "Mr. Uh Clem" <(E-Mail Removed)>

| shawn wrote:
>> On Thu, 09 Feb 2006 01:37:05 GMT, "David H. Lipman"
>> <DLipman~nospam~@Verizon.Net> wrote:

|
| ...
>>>
>>> Update to and use JRE 5 update 6.

>>
>> And remove all of the other versions from your system.
>>

| I'm aware of some software packages written in Java which
| come packaged with a JRE (not sure which release, but I"m
| sure it is older) to run on Windows. The JRE is only used
| with that application and the application is a dedicated
| client, used with only a specific server app on dedicated
| hosts the customers own. The reason for including a
| dedicated JRE is that successive JRE releases were breaking
| things.
|
| Q: Is this exploitable, given it is not being used for
| general web browsing??
|

That's a good question. I too have used specific Java apps that come with Java embedded
within the application.

I think it would be best to contact the vendor of that software application and point to the
Sun Java bulletin.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
restricted privileges for untrusted code called from trusted code Tomas Mikula Java 8 11-24-2009 12:32 PM
How's JRE handle the process of Applet Destroy (IE6)? trace stopped until "joined applet thread" soldieryap81@yahoo.com Java 0 09-28-2006 09:40 AM
Untrusted applet/copy conundrum Andrew Thompson Java 4 07-29-2006 07:12 PM
Applet Mayscript JRE 1.4.2_03 : sun.plugin.javascript.ocx.JSObject.eval R Javascript 0 02-04-2005 04:27 AM
Unable to set focus to textfield in a applet if browser is set to Sun JRE 1.4 Manav Java 0 10-15-2003 03:42 PM



Advertisments