【绿盟科技授权,赛迪发布,谢绝任何网站转载,违者,赛迪网将保留追究其法律责任的权利!】
发布日期:2007-07-25
更新日期:2007-08-30
受影响系统:
Sun JDK <= 5.0 Update 11
Sun JDK 6 Update 1
Sun JRE <= 6 Update 1
Sun JRE <= 5.0 Update 11
Sun JRE <= 1.4.2_14
Sun SDK <= 1.4.2_14
不受影响系统:
Sun JDK 6 Update 2
Sun JDK 5.0 Update 12
Sun JRE 6 Update 2
Sun JRE 5.0 Update 12
Sun JRE 1.4.2_15
Sun SDK 1.4.2_15
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 25054
CVE(CAN) ID: CVE-2007-3922
Solaris系统的Java运行时环境(JRE)为JAVA应用程序提供可靠的运行环境。
JRE在处理Applet的加载时存在漏洞,远程攻击者可能利用此漏洞加载执行非授权的Applet。
JRE Applet类加载器中的安全漏洞可能允许从远程系统加载的不可信任Applet绕过安全限制,创建到某些运行在本地主机服务的套接字连接,如同从Applet所运行的系统上加载一样。这可能允许不可信任的远程Applet利用所连接上服务中的任意安全漏洞。
<*来源:John Heasman (nisr@nextgenss.com)
链接:http://secunia.com/advisories/26631/
http://secunia.com/advisories/25769/
http://dev2dev.bea.com/pub/advisory/248
https://www.redhat.com/support/errata/RHSA-2007-0829.html
https://www.redhat.com/support/errata/RHSA-2007-0818.html
http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102995-1
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
RedHat
------
RedHat已经为此发布了安全公告(RHSA-2007:0829-01,RHSA-2007:0818-01)以及相应补丁:
RHSA-2007:0829-01:Critical: java-1.5.0-ibm security update
链接:https://www.redhat.com/support/errata/RHSA-2007-0829.html
RHSA-2007:0818-01:Critical: java-1.5.0-sun security update
链接:https://www.redhat.com/support/errata/RHSA-2007-0818.html
Sun
---
Sun已经为此发布了一个安全公告(Sun-Alert-102995)以及相应补丁:
Sun-Alert-102995:A Security Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions
链接:http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102995-1
补丁下载:
http://java.sun.com/javase/downloads/index.jsp
http://java.sun.com/javase/downloads/index_jdk5.jsp
http://java.sun.com/j2se/1.4.2/download.html(责任编辑:李磊)
