CERT-In Advisory CIAD-2006-49
Vulnerabilities in Sun Java JRE
Original issue date: December 21, 2006
Severity Rating: High
Systems Affected
- JDK and JRE 5.0 Update 7 and earlier
- SDK and JRE 1.4.2_12 and earlier
Overview
Two vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which could be exploited by remote attackers to compromise a vulnerable system.
Description
It has been observed that two vulnerabilities exist in the Java Runtime Environment due to a serialization error, which could be exploited by a local or remote attacker to execute arbitrary commands or compromise a vulnerable system. Sun Microsystems has released patches to address these vulnerabilities. Note that SDK and JRE versions 1.3.x are not affected.
Solution
Upgrade to JDK/JRE 5.0 Update 8 or SDK/JRE 1.4.2_13
http://java.sun.com/
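The following check is an added example, not part of the original advisory: it classifies the version string printed by `java -version` against the affected ranges listed above (JDK/JRE 5.0 reports itself as 1.5.0). The function names and sample strings are constructed for illustration, and treating 1.4.0 and 1.4.1 as covered by "1.4.2_12 and earlier" is an assumption.

```python
import re

# First fixed update per release family, as stated in the advisory:
# 5.0 Update 8 (version string 1.5.0_08) and 1.4.2_13.
FIXED_UPDATE = {(1, 5, 0): 8, (1, 4, 2): 13}

# Matches "1.5.0_07", "1.4.2_12-b03", "1.5.0" (no update suffix), etc.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_version(text):
    """Extract (major, minor, micro, update) from a `java -version` line."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Java version found in: %r" % text)
    major, minor, micro = (int(m.group(i)) for i in (1, 2, 3))
    update = int(m.group(4)) if m.group(4) else 0  # GA release counts as update 0
    return major, minor, micro, update


def classify(text):
    """Return 'affected', 'fixed', 'not affected' or 'not listed'."""
    major, minor, micro, update = parse_version(text)
    family = (major, minor, micro)
    if family in FIXED_UPDATE:
        return "affected" if update < FIXED_UPDATE[family] else "fixed"
    if (major, minor) == (1, 4) and micro < 2:
        # Assumption: 1.4.0 / 1.4.1 fall under "1.4.2_12 and earlier".
        return "affected"
    if (major, minor) == (1, 3):
        return "not affected"  # the advisory states 1.3.x is not affected
    return "not listed"  # the advisory says nothing about this release


if __name__ == "__main__":
    # Constructed sample inputs, in the shape `java -version` prints.
    samples = [
        'java version "1.5.0_07"',
        'java version "1.5.0_08"',
        'java version "1.4.2_12"',
        'java version "1.4.2_13"',
        'java version "1.3.1_18"',
    ]
    for line in samples:
        print("%-28s %s" % (line, classify(line)))
```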
Vendor Information
Sun Microsystems
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
References
FrSIRT
http://www.frsirt.com/english/advisories/2006/5074
Secunia
http://secunia.com/advisories/23445/
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
