Sun/Netscape Java Virtual Machine bytecode verifier vulnerability

by Nikola Strahija on March 27th, 2003

A vulnerability has been found in the bytecode verifier of the Sun and Netscape Java Virtual Machine. It is possible to construct bytecode that will cause objects to be instantiated without proper initialization.


One known method of exploiting this vulnerability can allow for read/write access to system files despite the security constraints of the Applet sandbox.


Vulnerable:
Windows Production Releases
- SDK and JRE 1.4.1
- SDK and JRE 1.4.0_02 and earlier
- SDK and JRE 1.3.1_05 and earlier
- SDK and JRE 1.3.0_05 and earlier
- SDK and JRE 1.2.2_013 and earlier
- JDK and JRE 1.1.x

Solaris Operating Environment (OE) Reference Releases
- SDK and JRE 1.2.2_013 or earlier

Solaris OE Production Releases
- SDK and JRE 1.4.1
- SDK and JRE 1.4.0_02 and earlier
- SDK and JRE 1.3.1_05 and earlier
- SDK and JRE 1.3.0_05 and earlier
- SDK and JRE 1.2.2_13 and earlier
- JDK and JRE 1.1.x

Linux Production Releases
- SDK and JRE 1.4.1
- SDK and JRE 1.4.0_02 and earlier
- SDK and JRE 1.3.1_05 and earlier
- SDK and JRE 1.3.0_05 and earlier
- SDK and JRE 1.2.2_013 and earlier


Solution:
Patches and updates are available:

SGI advisory:
- http://www.xatrix.org/article2837.html

Sun advisory:
- http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49304

