Sun Reports and Fixes Java and Solaris Security Flaws
Updates and Patches Made Available
Jun. 20, 2005 07:00 AM
Two vulnerabilities were reported by Sun Microsystems this week, in Java Web Start and the Sun Java Runtime Environment (JRE). Both could have been exploited by individuals with malicious intentions. A third, termed "less critical," affects versions 7 through 9 of the Solaris OS.
The first was "an unspecified error," according to Danish security firm Secunia, which "may be exploited by a malicious, untrusted application to execute arbitrary code." This vulnerability affected Java Web Start included in J2SE releases 5.0 and 5.0 Update 1 for Windows, Solaris and Linux.
The second error, also unspecified, affected J2SE releases 5.0 and 5.0 Update 1 for Windows, Solaris and Linux, and J2SE 1.4.2_07 and prior 1.4.2 releases for Windows, Solaris and Linux.
Sun's solution to the problem is for developers and other users to update to J2SE 5.0 Update 2 or 1.4.2_08 for Windows, Solaris, and Linux.
The Solaris problem was reported June 16, and "can be exploited by malicious, local users to overwrite arbitrary files on a vulnerable system," according to Secunia, which said the vulnerability was caused by an unspecified error in the lpadmin utility. Sun has issued several patches for the various versions of Solaris to address this vulnerability.