Java flaw poses widespread security threat

TalkBack 45 of 47:: Next »; « Previous

Thread View
Flat View

is is this Sun advisory???... (so many to choose from): Sourcing ?

?- http://blogs.sun.com/security/

with full attribution, is it this announcement???... (It's JRE-related and atta-boy's G-sec.)

(10 Jul 2007 Sun Alert 102934 Security Vulnerabilities in the Java Runtime Environment Image Parsing Code May Allow a Untrusted Applet to Elevate Privileges

posted by Sun Security Coordination Team in Alerts

Product: Java 2 Platform, Standard Edition

A buffer overflow vulnerability in the image parsing code in the Java Runtime Environment may allow an untrusted applet or application to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.

A second vulnerability may allow an untrusted applet or application to cause the Java Virtual Machine to hang.

Sun acknowledges, with thanks, Chris Evans of the Google Security Team, for bringing these issues to our attention.

These issues are also referenced in the following documents:

CVE-2007-2788 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2788

CVE-2007-2789 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

Avoidance: Patch, Upgrade
State: Resolved
First released: 31-May-2007
Sun Alert Link: http://sunsolve.sun.com/search/<ocument.do?assetkey=1-26-102934-1
Permalink | Comments [0]; Posted by: wti Posted on: 07/13/07 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Article needs more detail... mrlinux | 07/13/07

Why? No_Ax_to_Grind | 07/13/07

duh... JustAMuggle | 07/13/07

Ah, you may be right. (nt) No_Ax_to_Grind | 07/13/07

Check again gtdavies33@... | 07/13/07

I'm sure it's only java on windoze Linux Geek | 07/13/07

I use linux too.. birdofire@... | 07/13/07

Message has been deleted. Linux User 147560 | 07/13/07

Of course it was deleted Linux User 147560 | 07/13/07

That's M$ long hand censoring you! Linux Geek | 07/13/07

You are "sure". Ummm, can you read? No_Ax_to_Grind | 07/13/07

excellent comment mighetto | 07/13/07

Message has been deleted. Yagotta B. Kidding | 07/13/07

hehehe. 9.5 wink

PB_z | 07/13/07

You're so right Boot_Agnostic | 07/16/07

I use NOSCRIPT in firefox galileon | 07/13/07

JavaScript is not Java Fred Fredrickson | 07/15/07

NoScript JDThompson | 07/16/07

Too late.. balazsa | 07/13/07

do us a favor... Monkey_MCSE | 07/13/07

Yes, like the Monkey said... Linux User 147560 | 07/13/07

Article is pure FUD from from MS lapdog ZDNet super_J | 07/13/07

Wrong Schnazzer | 07/13/07

You just proved me right super_J | 07/13/07

The article actually did Greenknight_z | 07/17/07

Since ZDNET is a lapdog, leave this board BXLE | 07/13/07

Naw, it's too entertaining super_J | 07/13/07

Disappointment in Iphone; Solution to Java flaw already implemented. mighetto | 07/13/07

Apple responds - kind of. Who is Luke? Is the force with him? mighetto | 07/13/07

Java flaw poses widespread security threat RickC998 | 07/13/07

The problem doesn't threaten me Knorthern Knight | 07/13/07

Java is solution for multi-core multiprocessor speed mighetto | 07/13/07

Your reasoning is incorrect John Zern | 07/13/07

Titanium to you Zern mighetto | 07/13/07

You're either... wolf_z | 07/14/07

Yo, Frank... Linux User 147560 | 07/13/07

Amen Brother mighetto | 07/13/07

Novels greybeardtechie | 07/16/07

Java is a solution for speed alright... Knorthern Knight | 07/14/07

Here is the real bug info jmanico | 07/13/07

install Java 6 update 2 jmanico | 07/13/07

PRAISE JAVA! jmanico | 07/13/07

Hee Hee mighetto | 07/13/07

reportage below minimum standards = FUD wti | 07/13/07

is is this Sun advisory???... (so many to choose from) wti | 07/13/07

Update 2 is a dog Greenknight_z | 07/17/07

Yep patched Boot_Agnostic | 07/17/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Using Red Hat Enterprise Linux AS to Achieve Highly Available, Load-Balanced Clusters Dell The Red Hat Enterprise Linux AS operating system integrates Cluster ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Java flaw poses widespread security threat

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads