Users login

Create an account »


Users login

Home » Hacking News » Three critical Java flaws

Three critical Java flaws

by Nikola Strahija on November 29th, 2005 JRE, Sun's Java Runtime Environment, has serious security flaws which allow remote attackers to execute applications on a system, Sun warned. The bugs are already patched in a new release, and affect Windows, Unix and Linux platforms. The Java Software Development Kit (SDK) is also affected.

Sun outlined three separate vulnerabilities, each of which could independently allow a specially crafted Java applet, for example embedded in a Web page, to escalate its privileges. That could allow the applet to read and write local files and execute applications accessible to the user running the applet, with the user's privileges.

Secunia and FrSIRT, which maintain vulnerabilities databases, gave the vulnerabilities serious ratings.

The first, unspecified vulnerability affects SDK and JRE 5.0 update 3 and earlier for Windows, Solaris and Linux.The second advisory concerns three unspecified bugs in the use of the "reflection" API in the JRE. The first of the three "reflection" bugs can occur in SDK and JRE 1.3.1_15 and earlier, SDK and JRE 1.4.2_08 and earlier or JDK and JRE 5.0 Update 3 and earlier. The second and third of the flaws can occur in SDK and JRE 1.4.2_08 and earlier or JDK and JRE 5.0 Update 3 and earlier. These bugs affect Windows, Unix and Linux versions of the JRE.

The third advisory warns of a bug in the Java Management Extensions (JMX) implementation included with the JRE. It affects SDK and JRE 5.0 Update 3 and earlier on Windows, Unix and Linux. Patches and instructions for patching are found in Sun's advisories.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »