Author Topic: 3 vulnerabilities in JAVA  (Read 2585 times)

Offline Danae

3 vulnerabilities in JAVA
« on: 01 December 2004, 07:27:45 pm »
Java Plug-in: applet privilege escalation
A vulnerability has been reported in the access controls on data exchange between Java and JavaScript in web browsers that use the Sun Java Plug-in, which may allow malicious applets to gain privileges to perform unrestricted actions on the system.

It would be possible for a malicious site containing JavaScript code to exploit this vulnerability to load a dangerous Java class (a "class" is a file containing a program developed in Java) and pass it to the invoked applet (a Java "applet" is a program that can be embedded directly in the HTML code of a website, allowing any user to run it simply by visiting the page).

There are several methods for invoking applets that can be exploited to specify the version of the Plug-in that must be used to run them. If a vulnerable version remains installed on a machine, it could be invoked instead of the newer version in which the vulnerability has already been fixed.

Sun has released updates to fix this flaw. As an additional precaution, users affected by this problem are advised to remove earlier versions of the Java Plug-in.

The following example has been published:
[script language=javascript]
var c=document.applets[0].getClass().forName('sun.text.Utility');
alert('got Class object: '+c)
[/script]
The following versions of Java are vulnerable:

- Sun JRE (Windows Production Release) 1.3 .0_05
- Sun JRE (Windows Production Release) 1.3 .0_04
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3
- Sun JRE (Windows Production Release) 1.3.1_09
- Sun JRE (Windows Production Release) 1.3.1_08
- Sun JRE (Windows Production Release) 1.3.1_07
- Sun JRE (Windows Production Release) 1.3.1_06
- Sun JRE (Windows Production Release) 1.3.1_05
- Sun JRE (Windows Production Release) 1.3.1_04
- Sun JRE (Windows Production Release) 1.3.1_03
- Sun JRE (Windows Production Release) 1.3.1_02
- Sun JRE (Windows Production Release) 1.3.1_01a
- Sun JRE (Windows Production Release) 1.3.1_01
- Sun JRE (Windows Production Release) 1.4 .0_04
- Sun JRE (Windows Production Release) 1.4 .0_03
- Sun JRE (Windows Production Release) 1.4 .0_02
- Sun JRE (Windows Production Release) 1.4 .0_01
- Sun JRE (Windows Production Release) 1.4
- Sun JRE (Windows Production Release) 1.4.1_07
- Sun JRE (Windows Production Release) 1.4.1_03
- Sun JRE (Windows Production Release) 1.4.1_02
- Sun JRE (Windows Production Release) 1.4.1_01
- Sun JRE (Windows Production Release) 1.4.1
- Sun JRE (Windows Production Release) 1.4.2_05
- Sun JRE (Windows Production Release) 1.4.2_04
- Sun JRE (Windows Production Release) 1.4.2_03
- Sun JRE (Windows Production Release) 1.4.2_02
- Sun JRE (Windows Production Release) 1.4.2_01
- Sun JRE (Windows Production Release) 1.4.2
- Sun JRE (Linux Production Release) 1.3 .0_05
- Sun JRE (Linux Production Release) 1.3 .0_04
- Sun JRE (Linux Production Release) 1.3 .0_03
- Sun JRE (Linux Production Release) 1.3 .0_02
- Sun JRE (Linux Production Release) 1.3 .0_01
- Sun JRE (Linux Production Release) 1.3 .0
- Sun JRE (Linux Production Release) 1.3.1_09
- Sun JRE (Linux Production Release) 1.3.1_08
- Sun JRE (Linux Production Release) 1.3.1_07
- Sun JRE (Linux Production Release) 1.3.1_06
- Sun JRE (Linux Production Release) 1.3.1_05
- Sun JRE (Linux Production Release) 1.3.1_03
- Sun JRE (Linux Production Release) 1.3.1_02
- Sun JRE (Linux Production Release) 1.3.1_01
- Sun JRE (Linux Production Release) 1.3.1
- Sun JRE (Linux Production Release) 1.4 .0_04
- Sun JRE (Linux Production Release) 1.4 .0_03
- Sun JRE (Linux Production Release) 1.4 .0_02
- Sun JRE (Linux Production Release) 1.4
- Sun JRE (Linux Production Release) 1.4.1_03
- Sun JRE (Linux Production Release) 1.4.1_02
- Sun JRE (Linux Production Release) 1.4.1_01
- Sun JRE (Linux Production Release) 1.4.1
- Sun JRE (Linux Production Release) 1.4.2_05
- Sun JRE (Linux Production Release) 1.4.2_04
- Sun JRE (Linux Production Release) 1.4.2_03
- Sun JRE (Linux Production Release) 1.4.2_02
- Sun JRE (Linux Production Release) 1.4.2_01
- Sun JRE (Linux Production Release) 1.4.2
- Sun JRE (Solaris Production Release) 1.3 .0_05
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3
- Sun JRE (Solaris Production Release) 1.3.1_09
- Sun JRE (Solaris Production Release) 1.3.1_08
- Sun JRE (Solaris Production Release) 1.3.1_07
- Sun JRE (Solaris Production Release) 1.3.1_06
- Sun JRE (Solaris Production Release) 1.3.1_05
- Sun JRE (Solaris Production Release) 1.3.1_04
- Sun JRE (Solaris Production Release) 1.3.1_03
- Sun JRE (Solaris Production Release) 1.3.1_02
- Sun JRE (Solaris Production Release) 1.3.1_01
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_03
- Sun JRE (Solaris Production Release) 1.4 .0_02
- Sun JRE (Solaris Production Release) 1.4 .0_01
- Sun JRE (Solaris Production Release) 1.4
- Sun JRE (Solaris Production Release) 1.4.1_03
- Sun JRE (Solaris Production Release) 1.4.1_02
- Sun JRE (Solaris Production Release) 1.4.1_01
- Sun JRE (Solaris Production Release) 1.4.1
- Sun JRE (Solaris Production Release) 1.4.2_05
- Sun JRE (Solaris Production Release) 1.4.2_04
- Sun JRE (Solaris Production Release) 1.4.2_03
- Sun JRE (Solaris Production Release) 1.4.2_02
- Sun JRE (Solaris Production Release) 1.4.2_01
- Sun JRE (Solaris Production Release) 1.4.2
- Conectiva Linux 10.0
- Gentoo Linux

The following versions are not vulnerable:
- Sun JRE (Solaris Production Release) 1.4.2_06
- Sun JRE (Windows Production Release) 1.4.2_06

Solution
Download and install Java JRE version 1.4.4_06 or later

Download:
Java Runtime Environment (JRE), Standard Edition 1.4.2_06
http://java.sun.com/j2se/1.4.2/download.html

Credits:
Jouko Pynnonen

References:
CLA-2004:900: sun-jre
http://www.securityfocus.com/advisories/7561
GLSA 200411-38:
Sun and Blackdown Java: Applet privilege escalation
http://www.securityfocus.com/advisories/7572
iDEFENSE Security Advisory 11.22.04:
Sun Java Plugin Arbitrary Package Access Vu
http://www.securityfocus.com/archive/1/381940
Re: Sun Java Plugin arbitrary package access vulnerability
http://www.securityfocus.com/archive/1/382281
Sun Java Plugin arbitrary package access vulnerability
http://www.securityfocus.com/archive/1/382072
Alert ID:
57591 - Security Vulnerability With Java Plug-in in JRE/SDK
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57591-1&searchclause=
Encountering OBJECT, EMBED, and APPLET Tags With Different Plug-in Versions
http://java.sun.com/products/plugin/versions.html#answers
Java Homepage
http://java.sun.com/
Published at: http://www.vsantivirus.com/vul-java-plugin-301104.htm

Weakness in Sun Java version specification
Java provides support for detecting a version dynamically or statically when applets are loaded in the Java plug-in. This means that, when invoking an applet, it is possible to request that a particular version be used to run it. This feature can be reached through several HTML tags that allow Java applets to be embedded in HTML documents, for example EMBED, OBJECT and APPLET.

This feature has a weakness in its implementation such that it can be abused to cause an old version of the Java plug-in to be loaded instead of a more recent one.

This can pose a serious security risk if the invoked version has vulnerabilities that have been fixed in newer versions.

For this design flaw to become a security threat, a vulnerable version of the Java Plug-in must already be installed on the machine, or the user must install it manually. The user could then be prompted to use the vulnerable version.

This weakness can result in a false sense of security, since it is assumed that installing an updated version will eliminate the vulnerabilities of previous versions.

It is important to note that this feature is supported in several web browsers, and therefore the browsers themselves may be prone to this problem. Some browsers do not allow a Java Plug-in that is no longer registered with the browser to run.

The following versions are vulnerable:

- Sun JRE (Windows Production Release) 1.1.6_009
- Sun JRE (Windows Production Release) 1.1.7 B_007
- Sun JRE (Windows Production Release) 1.1.8_009
- Sun JRE (Windows Production Release) 1.1.8_008
- Sun JRE (Windows Production Release) 1.1.8_007
- Sun JRE (Windows Production Release) 1.1.8_005
- Sun JRE (Windows Production Release) 1.1.8
- Sun JRE (Windows Production Release) 1.2
- Sun JRE (Windows Production Release) 1.2.1
- Sun JRE (Windows Production Release) 1.2.2_12
- Sun JRE (Windows Production Release) 1.2.2_015
- Sun JRE (Windows Production Release) 1.2.2_014
- Sun JRE (Windows Production Release) 1.2.2_013
- Sun JRE (Windows Production Release) 1.2.2_011
- Sun JRE (Windows Production Release) 1.2.2_010
- Sun JRE (Windows Production Release) 1.2.2_007
- Sun JRE (Windows Production Release) 1.2.2
- Sun JRE (Windows Production Release) 1.3 .0_05
- Sun JRE (Windows Production Release) 1.3 .0_04
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3
- Sun JRE (Windows Production Release) 1.3.1_09
- Sun JRE (Windows Production Release) 1.3.1_08
- Sun JRE (Windows Production Release) 1.3.1_07
- Sun JRE (Windows Production Release) 1.3.1_06
- Sun JRE (Windows Production Release) 1.3.1_05
- Sun JRE (Windows Production Release) 1.3.1_04
- Sun JRE (Windows Production Release) 1.3.1_03
- Sun JRE (Windows Production Release) 1.3.1_02
- Sun JRE (Windows Production Release) 1.3.1_01a
- Sun JRE (Windows Production Release) 1.3.1_01
- Sun JRE (Windows Production Release) 1.4 .0_04
- Sun JRE (Windows Production Release) 1.4 .0_03
- Sun JRE (Windows Production Release) 1.4 .0_02
- Sun JRE (Windows Production Release) 1.4 .0_01
- Sun JRE (Windows Production Release) 1.4
- Sun JRE (Windows Production Release) 1.4.1_07
- Sun JRE (Windows Production Release) 1.4.1_03
- Sun JRE (Windows Production Release) 1.4.1_02
- Sun JRE (Windows Production Release) 1.4.1_01
- Sun JRE (Windows Production Release) 1.4.1
- Sun JRE (Windows Production Release) 1.4.2_06
- Sun JRE (Windows Production Release) 1.4.2_05
- Sun JRE (Windows Production Release) 1.4.2_05
- Sun JRE (Windows Production Release) 1.4.2_04
- Sun JRE (Windows Production Release) 1.4.2_03
- Sun JRE (Windows Production Release) 1.4.2_02
- Sun JRE (Windows Production Release) 1.4.2_01
- Sun JRE (Windows Production Release) 1.4.2
- Sun JRE (Linux Production Release) 1.2.2_12
- Sun JRE (Linux Production Release) 1.2.2_015
- Sun JRE (Linux Production Release) 1.2.2_014
- Sun JRE (Linux Production Release) 1.2.2_013
- Sun JRE (Linux Production Release) 1.2.2_011
- Sun JRE (Linux Production Release) 1.2.2_010
- Sun JRE (Linux Production Release) 1.2.2_007
- Sun JRE (Linux Production Release) 1.2.2_006
- Sun JRE (Linux Production Release) 1.2.2_005
- Sun JRE (Linux Production Release) 1.2.2_004
- Sun JRE (Linux Production Release) 1.2.2_003
- Sun JRE (Linux Production Release) 1.2.2
- Sun JRE (Linux Production Release) 1.3 .0_05
- Sun JRE (Linux Production Release) 1.3 .0_04
- Sun JRE (Linux Production Release) 1.3 .0_03
- Sun JRE (Linux Production Release) 1.3 .0_02
- Sun JRE (Linux Production Release) 1.3 .0_01
- Sun JRE (Linux Production Release) 1.3 .0
- Sun JRE (Linux Production Release) 1.3.1_09
- Sun JRE (Linux Production Release) 1.3.1_08
- Sun JRE (Linux Production Release) 1.3.1_07
- Sun JRE (Linux Production Release) 1.3.1_06
- Sun JRE (Linux Production Release) 1.3.1_05
- Sun JRE (Linux Production Release) 1.3.1_03
- Sun JRE (Linux Production Release) 1.3.1_02
- Sun JRE (Linux Production Release) 1.3.1_01
- Sun JRE (Linux Production Release) 1.3.1
- Sun JRE (Linux Production Release) 1.4 .0_04
- Sun JRE (Linux Production Release) 1.4 .0_03
- Sun JRE (Linux Production Release) 1.4 .0_02
- Sun JRE (Linux Production Release) 1.4
- Sun JRE (Linux Production Release) 1.4.1_03
- Sun JRE (Linux Production Release) 1.4.1_02
- Sun JRE (Linux Production Release) 1.4.1_01
- Sun JRE (Linux Production Release) 1.4.1
- Sun JRE (Linux Production Release) 1.4.2_06
- Sun JRE (Linux Production Release) 1.4.2_05
- Sun JRE (Linux Production Release) 1.4.2_04
- Sun JRE (Linux Production Release) 1.4.2_03
- Sun JRE (Linux Production Release) 1.4.2_02
- Sun JRE (Linux Production Release) 1.4.2_01
- Sun JRE (Linux Production Release) 1.4.2
- Sun JRE (Solaris Production Release) 1.1.6
- Sun JRE (Solaris Production Release) 1.1.7 B
- Sun JRE (Solaris Production Release) 1.1.8_14
- Sun JRE (Solaris Production Release) 1.1.8_13
- Sun JRE (Solaris Production Release) 1.1.8_12
- Sun JRE (Solaris Production Release) 1.1.8_10
- Sun JRE (Solaris Production Release) 1.1.8_009
- Sun JRE (Solaris Production Release) 1.1.8
- Sun JRE (Solaris Production Release) 1.2
- Sun JRE (Solaris Production Release) 1.2.1
- Sun JRE (Solaris Production Release) 1.2.2_11
- Sun JRE (Solaris Production Release) 1.2.2_11
- Sun JRE (Solaris Production Release) 1.2.2_07
- Sun JRE (Solaris Production Release) 1.2.2_05a
- Sun JRE (Solaris Production Release) 1.2.2_014
- Sun JRE (Solaris Production Release) 1.2.2_013
- Sun JRE (Solaris Production Release) 1.2.2_012
- Sun JRE (Solaris Production Release) 1.2.2_011
- Sun JRE (Solaris Production Release) 1.2.2_010
- Sun JRE (Solaris Production Release) 1.2.2
- Sun JRE (Solaris Production Release) 1.3 .0_05
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3
- Sun JRE (Solaris Production Release) 1.3.1_09
- Sun JRE (Solaris Production Release) 1.3.1_08
- Sun JRE (Solaris Production Release) 1.3.1_07
- Sun JRE (Solaris Production Release) 1.3.1_06
- Sun JRE (Solaris Production Release) 1.3.1_05
- Sun JRE (Solaris Production Release) 1.3.1_04
- Sun JRE (Solaris Production Release) 1.3.1_03
- Sun JRE (Solaris Production Release) 1.3.1_02
- Sun JRE (Solaris Production Release) 1.3.1_01
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_03
- Sun JRE (Solaris Production Release) 1.4 .0_02
- Sun JRE (Solaris Production Release) 1.4 .0_01
- Sun JRE (Solaris Production Release) 1.4
- Sun JRE (Solaris Production Release) 1.4.1_03
- Sun JRE (Solaris Production Release) 1.4.1_02
- Sun JRE (Solaris Production Release) 1.4.1_01
- Sun JRE (Solaris Production Release) 1.4.1
- Sun JRE (Solaris Production Release) 1.4.2_06
- Sun JRE (Solaris Production Release) 1.4.2_05
- Sun JRE (Solaris Production Release) 1.4.2_04
- Sun JRE (Solaris Production Release) 1.4.2_03
- Sun JRE (Solaris Production Release) 1.4.2_02
- Sun JRE (Solaris Production Release) 1.4.2_01
- Sun JRE (Solaris Production Release) 1.4.2

No exploit is required to take advantage of this weakness. An example has been published on the Internet as a proof of concept (PoC).

At present there is no patch or update for this problem. As a precaution, it is advisable to uninstall all earlier versions of Java that may be present (on Windows, see "Add or Remove Programs" in the Control Panel), to prevent them from being used to run a malicious applet capable of exploiting other vulnerabilities latent in old versions.

Credits:
Peter Greenwood

References:
Java version downgrading proof-of-concept
http://www.securityfocus.com/archive/1/382413
Re: Sun Java Plugin arbitrary package access vulnerability
http://www.securityfocus.com/archive/1/382281
Encountering OBJECT, EMBED, and APPLET Tags With Different Plug-in Versions
http://java.sun.com/products/plugin/versions.html#answers
Published at: http://www.vsantivirus.com/vul-java-version-301104.htm

Remote DoS in the Sun Java VM serialization API

A vulnerability has been reported that can cause a denial of service in Sun's Java Virtual Machine (JVM).

Serialization is a mechanism by which an object can be converted into a byte stream that represents its state, so that it can be transported across the network or stored persistently in a file system.

Java (J2SE) makes use of this technology through an API (Application Program Interface), which supports writing and reading objects in byte streams and defines a set of features to protect information that should not be serialized.

A vulnerability in this API used by Java can be exploited to remotely overload a Java Virtual Machine (JVM).

This results in a denial of service (DoS) as all processor resources and available memory are consumed.

At present no exploits are known that take advantage of this problem.

The following versions of Java are vulnerable:

- Sun JRE (Windows Production Release) 1.1.6_009
- Sun JRE (Windows Production Release) 1.1.7 B_007
- Sun JRE (Windows Production Release) 1.1.8_009
- Sun JRE (Windows Production Release) 1.1.8_008
- Sun JRE (Windows Production Release) 1.1.8_007
- Sun JRE (Windows Production Release) 1.1.8_005
- Sun JRE (Windows Production Release) 1.1.8
- Sun JRE (Windows Production Release) 1.2
- Sun JRE (Windows Production Release) 1.2.1
- Sun JRE (Windows Production Release) 1.2.2_12
- Sun JRE (Windows Production Release) 1.2.2_015
- Sun JRE (Windows Production Release) 1.2.2_014
- Sun JRE (Windows Production Release) 1.2.2_013
- Sun JRE (Windows Production Release) 1.2.2_011
- Sun JRE (Windows Production Release) 1.2.2_010
- Sun JRE (Windows Production Release) 1.2.2_007
- Sun JRE (Windows Production Release) 1.2.2
- Sun JRE (Windows Production Release) 1.3 .0_05
- Sun JRE (Windows Production Release) 1.3 .0_04
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3 .0_02
- Sun JRE (Windows Production Release) 1.3
- Sun JRE (Windows Production Release) 1.3.1_09
- Sun JRE (Windows Production Release) 1.3.1_08
- Sun JRE (Windows Production Release) 1.3.1_07
- Sun JRE (Windows Production Release) 1.3.1_06
- Sun JRE (Windows Production Release) 1.3.1_05
- Sun JRE (Windows Production Release) 1.3.1_04
- Sun JRE (Windows Production Release) 1.3.1_03
- Sun JRE (Windows Production Release) 1.3.1_02
- Sun JRE (Windows Production Release) 1.3.1_01a
- Sun JRE (Windows Production Release) 1.3.1_01
- Sun JRE (Windows Production Release) 1.4 .0_04
- Sun JRE (Windows Production Release) 1.4 .0_03
- Sun JRE (Windows Production Release) 1.4 .0_02
- Sun JRE (Windows Production Release) 1.4 .0_01
- Sun JRE (Windows Production Release) 1.4
- Sun JRE (Windows Production Release) 1.4.1_07
- Sun JRE (Windows Production Release) 1.4.1_03
- Sun JRE (Windows Production Release) 1.4.1_02
- Sun JRE (Windows Production Release) 1.4.1_01
- Sun JRE (Windows Production Release) 1.4.1
- Sun JRE (Windows Production Release) 1.4.2_05
- Sun JRE (Windows Production Release) 1.4.2_04
- Sun JRE (Windows Production Release) 1.4.2_03
- Sun JRE (Windows Production Release) 1.4.2_02
- Sun JRE (Windows Production Release) 1.4.2_01
- Sun JRE (Windows Production Release) 1.4.2
- Sun JRE (Linux Production Release) 1.2.2_12
- Sun JRE (Linux Production Release) 1.2.2_015
- Sun JRE (Linux Production Release) 1.2.2_014
- Sun JRE (Linux Production Release) 1.2.2_013
- Sun JRE (Linux Production Release) 1.2.2_011
- Sun JRE (Linux Production Release) 1.2.2_010
- Sun JRE (Linux Production Release) 1.2.2_007
- Sun JRE (Linux Production Release) 1.2.2_006
- Sun JRE (Linux Production Release) 1.2.2_005
- Sun JRE (Linux Production Release) 1.2.2_004
- Sun JRE (Linux Production Release) 1.2.2_003
- Sun JRE (Linux Production Release) 1.2.2
- Sun JRE (Linux Production Release) 1.3 .0_05
- Sun JRE (Linux Production Release) 1.3 .0_04
- Sun JRE (Linux Production Release) 1.3 .0_03
- Sun JRE (Linux Production Release) 1.3 .0_02
- Sun JRE (Linux Production Release) 1.3 .0_01
- Sun JRE (Linux Production Release) 1.3 .0
- Sun JRE (Linux Production Release) 1.3.1_09
- Sun JRE (Linux Production Release) 1.3.1_08
- Sun JRE (Linux Production Release) 1.3.1_07
- Sun JRE (Linux Production Release) 1.3.1_06
- Sun JRE (Linux Production Release) 1.3.1_05
- Sun JRE (Linux Production Release) 1.3.1_03
- Sun JRE (Linux Production Release) 1.3.1_02
- Sun JRE (Linux Production Release) 1.3.1_01
- Sun JRE (Linux Production Release) 1.3.1
- Sun JRE (Linux Production Release) 1.4 .0_04
- Sun JRE (Linux Production Release) 1.4 .0_03
- Sun JRE (Linux Production Release) 1.4 .0_02
- Sun JRE (Linux Production Release) 1.4
- Sun JRE (Linux Production Release) 1.4.1_03
- Sun JRE (Linux Production Release) 1.4.1_02
- Sun JRE (Linux Production Release) 1.4.1_01
- Sun JRE (Linux Production Release) 1.4.1
- Sun JRE (Linux Production Release) 1.4.2_05
- Sun JRE (Linux Production Release) 1.4.2_04
- Sun JRE (Linux Production Release) 1.4.2_03
- Sun JRE (Linux Production Release) 1.4.2_02
- Sun JRE (Linux Production Release) 1.4.2_01
- Sun JRE (Linux Production Release) 1.4.2
- Sun JRE (Solaris Production Release) 1.2
- Sun JRE (Solaris Production Release) 1.2.1
- Sun JRE (Solaris Production Release) 1.2.2_11
- Sun JRE (Solaris Production Release) 1.2.2_11
- Sun JRE (Solaris Production Release) 1.2.2_07
- Sun JRE (Solaris Production Release) 1.2.2_05a
- Sun JRE (Solaris Production Release) 1.2.2_014
- Sun JRE (Solaris Production Release) 1.2.2_013
- Sun JRE (Solaris Production Release) 1.2.2_012
- Sun JRE (Solaris Production Release) 1.2.2_011
- Sun JRE (Solaris Production Release) 1.2.2_010
- Sun JRE (Solaris Production Release) 1.2.2
- Sun JRE (Solaris Production Release) 1.3 .0_05
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3 .0_02
- Sun JRE (Solaris Production Release) 1.3
- Sun JRE (Solaris Production Release) 1.3.1_09
- Sun JRE (Solaris Production Release) 1.3.1_08
- Sun JRE (Solaris Production Release) 1.3.1_07
- Sun JRE (Solaris Production Release) 1.3.1_06
- Sun JRE (Solaris Production Release) 1.3.1_05
- Sun JRE (Solaris Production Release) 1.3.1_04
- Sun JRE (Solaris Production Release) 1.3.1_03
- Sun JRE (Solaris Production Release) 1.3.1_02
- Sun JRE (Solaris Production Release) 1.3.1_01
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_04
- Sun JRE (Solaris Production Release) 1.4 .0_03
- Sun JRE (Solaris Production Release) 1.4 .0_02
- Sun JRE (Solaris Production Release) 1.4 .0_01
- Sun JRE (Solaris Production Release) 1.4
- Sun JRE (Solaris Production Release) 1.4.1_03
- Sun JRE (Solaris Production Release) 1.4.1_02
- Sun JRE (Solaris Production Release) 1.4.1_01
- Sun JRE (Solaris Production Release) 1.4.1
- Sun JRE (Solaris Production Release) 1.4.2_05
- Sun JRE (Solaris Production Release) 1.4.2_04
- Sun JRE (Solaris Production Release) 1.4.2_03
- Sun JRE (Solaris Production Release) 1.4.2_02
- Sun JRE (Solaris Production Release) 1.4.2_01
- Sun JRE (Solaris Production Release) 1.4.2

The following versions are not vulnerable:

- Sun JRE (Windows Production Release) 1.4.2_06
- Sun JRE (Linux Production Release) 1.4.2_06
- Sun JRE (Solaris Production Release) 1.4.2_06

Solution

Download and install Java JRE version 1.4.4_06 or later

Download:
Java Runtime Environment (JRE), Standard Edition 1.4.2_06
http://java.sun.com/j2se/1.4.2/download.html

Credits:
Marc Schoenefeld

References:
Rumours about Opera
http://www.securityfocus.com/archive/1/382309
Published at: http://www.vsantivirus.com/vul-java-api-301104.htm
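The precaution given in the post (remove every older JRE, because a patched plug-in does not help while an older one is still installed) can be checked against a software inventory. The following is an added example, not part of the original post or of the advisories it quotes; the function names and the sample inventory are constructed for illustration, and the 1.4.2_06 threshold is the release the post lists as not vulnerable.

```python
import re

# Release listed as "not vulnerable" in the first and third advisories above.
FIXED = (1, 4, 2, 6)

# Matches the spellings used in the version lists above:
# '1.4.2_05', '1.3 .0_05', '1.3.1_01a', '1.1.7 B_007', '1.4'
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\s*\.(\d+))?\s*[A-Za-z]?(?:_(\d+)[A-Za-z]?)?\s*$"
)


def parse_jre_version(text):
    """Return (major, minor, micro, update) for a Sun-style version string.

    Missing micro/update fields count as 0; letter suffixes are ignored.
    Raises ValueError for strings that do not look like a JRE version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError("unrecognised JRE version: %r" % (text,))
    major, minor, micro, update = m.groups()
    return (int(major), int(minor), int(micro or 0), int(update or 0))


def audit_host(installed):
    """Classify the JRE versions found on one host.

    'outdated' are the releases to uninstall. 'downgrade_exposed' is the
    false-sense-of-security case from the second advisory: a fixed release
    is present, but an older one remains available to be selected.
    """
    outdated, current, unparsed = [], [], []
    for raw in installed:
        try:
            parsed = parse_jre_version(raw)
        except ValueError:
            unparsed.append(raw)  # surface it for manual review
            continue
        (outdated if parsed < FIXED else current).append((parsed, raw))
    outdated = [raw for _, raw in sorted(outdated)]
    current = [raw for _, raw in sorted(current)]
    return {
        "outdated": outdated,
        "current": current,
        "unparsed": unparsed,
        "needs_upgrade": not current,
        "downgrade_exposed": bool(current) and bool(outdated),
    }


# Constructed sample inventory (host name -> JRE versions found installed).
SAMPLE_INVENTORY = {
    "ws-01": ["1.4.2_06"],
    "ws-02": ["1.4.2_06", "1.3.1_01a", "1.4.2_05"],
    "ws-03": ["1.1.7 B_007", "1.3 .0_05"],
    "ws-04": ["1.4.2_06", "unknown build"],
}


def audit_fleet(inventory):
    """Run audit_host over every host in an inventory mapping."""
    return {host: audit_host(versions) for host, versions in inventory.items()}


if __name__ == "__main__":
    for host, result in sorted(audit_fleet(SAMPLE_INVENTORY).items()):
        print(host, result)
```
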

Offline destroyer

3 vulnerabilities in JAVA
« Reply #1 on: 01 December 2004, 08:28:17 pm »
Thanks Danae

Regards

 
